CMS Security

This page outlines potential security vulnerabilities that can be exposed by improper use of the CMS. In many cases, a section links out to a more detailed article.

RichTextBox

Avoid RichTextBox controls in eWeb. In many cases, a RichTextBox is used to store HTML that is later executed and presented on a CMS web page, which makes RichTextBoxes an inviting target for SQL injection or other attacks.

URL Tampering Prevention

See "Visibility SQL in eWeb to Prevent URL Tampering" for tips on preventing a user from improperly accessing data by tampering with URL querystring parameter values.

Individual Privacy

To ensure one member does not see another's information, be sure to carefully follow the recommendations in Member Director (eWeb).