Username is exposed via SOAP faultstring

2 posts, 1 answers
  1. David

    Posted 25 Nov 2015

    When the pivotgrid is correctly connected to the cube, the username is not displayed to the user. However, should someone either grab the HTML code, adjust the connection to an incorrect catalog/cube and then run the adjusted code via their local IIS, or should our cube no longer exist and the username/password be altered, then users will be greeted with the default SOAP faultstring message:

     error: {"faulstring": Either the user, somedomain/someuser, does not have access to the somecube database, or the database does not exist", "faultcode":"XMLAnalysisError.0xc1180001"}

     Since this exposes the domain and username it publishes a vector for possible attack. We are attempting to just suppress this message but if necessary any and all SOAP faultstrings. Is this possible?

  2. Answer
    Georgi Krustev
    Admin

    Posted 27 Nov 2015

    Hello David,

    The best way to avoid exposing valuable data is to use a proxy service that will keep the credential information private. You can find more details here:
    Regards,
    Georgi Krustev
    Telerik
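
The response-filtering step of such a proxy, as an added example that is not part of the original thread and is not Telerik or Kendo UI code: the proxy holds the cube credentials server-side, and before relaying an XMLA response to the browser it replaces any SOAP Fault with a fixed message and logs the original. The function name, the generic message and the reference format are assumptions; the sample fault is constructed from the message quoted in the question.

```javascript
// Added example: all names below are hypothetical, not a Kendo UI API.
const GENERIC_MESSAGE = "The data source is unavailable.";
let counter = 0;

// Correlation id so a user report can be matched to the server log entry.
// It is not a secret, so a timestamp plus a counter is sufficient.
function nextReference() {
  counter += 1;
  return `${Date.now().toString(36)}-${counter}`;
}

// If the upstream XMLA response contains a SOAP Fault, log it server-side and
// return a fixed envelope instead. The whole Fault is replaced, not only
// <faultstring>, because other children of the Fault (such as <detail>) may
// carry the same text. Non-fault responses pass through unchanged.
function scrubXmlaResponse(upstreamXml, log = console.error) {
  const isFault = /<(?:[\w.-]+:)?Fault[\s>]/.test(upstreamXml);
  if (!isFault) {
    return { body: upstreamXml, scrubbed: false, reference: null };
  }
  const reference = nextReference();
  log(`[xmla-fault ${reference}] ${upstreamXml}`);
  const body =
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">' +
    "<soap:Body><soap:Fault><faultcode>soap:Server</faultcode>" +
    `<faultstring>${GENERIC_MESSAGE} Reference: ${reference}</faultstring>` +
    "</soap:Fault></soap:Body></soap:Envelope>";
  return { body, scrubbed: true, reference };
}

// Constructed sample built from the fault text quoted in the question.
const SAMPLE_FAULT =
  '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">' +
  "<soap:Body><soap:Fault>" +
  "<faultcode>XMLAnalysisError.0xc1180001</faultcode>" +
  "<faultstring>Either the user, somedomain/someuser, does not have access " +
  "to the somecube database, or the database does not exist</faultstring>" +
  "</soap:Fault></soap:Body></soap:Envelope>";
```

The browser then only ever sees the generic message and the reference, while the domain, username and database name stay in the proxy's log.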
     