This is a migrated thread and some comments may be shown as answers.

Username is exposed via SOAP faultstring

1 Answer 55 Views
PivotGrid
This is a migrated thread and some comments may be shown as answers.
David
Top achievements
Rank 1
David asked on 25 Nov 2015, 01:54 PM

When the pivotgrid is correctly connected to the cube the username is not displayed to the user. However, should either someone grab the HTML code and adjust the connection to an incorrect catalog/cube and then runs the adjusted code via their local IIS or should our cube no longer exist and the username/password be altered then users will be greeted with the default SOAP faultstring message:

 error: {"faulstring": Either the user, somedomain/someuser, does not have access to the somecube database, or the database does not exist", "faultcode":"XMLAnalysisError.0xc1180001"}

 Since this exposes the domain and username it publishes a vector for possible attack. We are attempting to just suppress this message but if necessary any and all SOAP faultstrings. Is this possible?

1 Answer, 1 is accepted

Sort by
0
Accepted
Georgi Krustev
Telerik team
answered on 27 Nov 2015, 08:41 AM
Hello David,

The best way to avoid exposing valuable data is to use a proxy service, that will keep the credential information private. You can find more details here:
Regards,
Georgi Krustev
Telerik
 
Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
 
Tags
PivotGrid
Asked by
David
Top achievements
Rank 1
Answers by
Georgi Krustev
Telerik team
Share this question
or