Telerik Forums / Community Forums
This is a migrated thread and some comments may be shown as answers.

Potential Bug in Telerik Website

1 Answer 43 Views
My glory with telerik controls
This is a migrated thread and some comments may be shown as answers.
Deepak Vasudevan
Top achievements
Rank 2
Deepak Vasudevan asked on 25 Sep 2012, 07:04 PM
When you install Telerik tools you are actually sending login credentials to server to activate right? I see them being passed in http without any encryption albeit as an XML string. See the capture below. Confidential info changed.

Can you fix this please?

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<AuthenticateResponse xmlns="http://tempuri.org/">
<AuthenticateResult xmlns:a="http://schemas.datacontract.org/2004/07/Telerik.WebSite.DataContracts" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<a:HashedKey>Why You Need This?</a:HashedKey>
<a:IsRemembered>true</a:IsRemembered>
<a:Name>Why You Need This?</a:Name>
<a:Password>Why You Need This?</a:Password>
</AuthenticateResult>
</AuthenticateResponse>
</s:Body>
</s:Envelope>

1 Answer, 1 is accepted

Sort by
0
Dimo Mitev
Telerik team
answered on 28 Sep 2012, 11:09 AM
Hello,

 Thank you for your post.

 Could it be that your Fiddler is configured to decrypt HTTPS transfers?

 I just double-checked that the services the web installer refers to are HTTPS only, hence my question.

All the best,
Dimo
the Telerik team

Consider using RadControls for ASP.NET AJAX (built on top of the ASP.NET AJAX framework) as a replacement for the Telerik ASP.NET Classic controls, See the product support lifecycle here.

Tags
My glory with telerik controls
Asked by
Deepak Vasudevan
Top achievements
Rank 2
Answers by
Dimo Mitev
Telerik team
Share this question
or