When the pivotgrid is correctly connected to the cube the username is not displayed to the user. However, should either someone grab the HTML code and adjust the connection to an incorrect catalog/cube and then runs the adjusted code via their local IIS or should our cube no longer exist and the username/password be altered then users will be greeted with the default SOAP faultstring message:
error: {"faulstring": Either the user, somedomain/someuser, does not have access to the somecube database, or the database does not exist", "faultcode":"XMLAnalysisError.0xc1180001"}
Since this exposes the domain and username it publishes a vector for possible attack. We are attempting to just suppress this message but if necessary any and all SOAP faultstrings. Is this possible?
1 Answer, 1 is accepted
The best way to avoid exposing valuable data is to use a proxy service, that will keep the credential information private. You can find more details here:
Regards,
Georgi Krustev
Telerik