Hi,
I am looking at working using the K2 Smart Form Login Page instead of Windows Integrated Login. Can someone point out will there be any security issues here? As I found out that the connection string for the K2 Smart Form Login Page will be stored in a Session. Meaning, the user's creditantial will be stored in there too.
Please advise.
Thanks.
Page 1 / 1
Yes, in the login page you build up your connection string in string format and it is passed back to the SmartForm using a session variable. The string is not encrypted. If someone knows the session variable name and can get hold of the session object then the system will be compromised.
Hi jacov, thanks for the info.
Reply
View our Community Site Map
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.