Hello, Thank you for reporting this problem. The users credentials should have been filtered from the system ids presented in results panel. We made the necessary fix and a new oXygen build will be available later today. Best Regards, Octavian -- Octavian Nadolu <oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger http://www.oxygenxml.com Christian Wittern wrote:
Hi there,
I just discovered what I think is a security risk, or at least a flaw in the way oxygen presents system ids.
When evaluating a XPath for a document that is accessed through webdav on an eXist database, the results are displayed in the bottom pane of the window. The column for system ID will show the users credentials, that is, account name and password in clear text. It seems a potential risk to me to expose these things, so I wonder if there is a way to hide that.
All the best,
Christian