23 Oct
2009
23 Oct
'09
9:30 a.m.
Hi there, I just discovered what I think is a security risk, or at least a flaw in the way oxygen presents system ids. When evaluating a XPath for a document that is accessed through webdav on an eXist database, the results are displayed in the bottom pane of the window. The column for system ID will show the users credentials, that is, account name and password in clear text. It seems a potential risk to me to expose these things, so I wonder if there is a way to hide that. All the best, Christian -- Christian Wittern Institute for Research in Humanities, Kyoto University 47 Higashiogura-cho, Kitashirakawa, Sakyo-ku, Kyoto 606-8265, JAPAN