Question
3
Replies
1307
Views
Posted: August 26, 2015
Last activity: August 26, 2015
Closed
Solved
Mashup Security Issue: Storing Username and Password in the HTML
We have a project where there are concerns about Mashup security. The comment came as:
Security issue as mashup user and password are stored on the page.
How do we address and communicate this issue? My expectation is we don't do this in production environment but this is just an uneducated assumption.
Have you came across similar situation? What did you do?
Thanks a lot for your help in advance.
Jiri,
You are absolutely correct about that. The security team just did an assessment of Pega Web Mashup and found the issue. It is my understanding that this only occurs when we are doing configuration tasks during development and should not be seen in production.
If you find issues in any Pega Application, I would urge you to contact the SpyVsSpy team.
Matt