CMS Security
This page outlines potential security vulnerabilities that can be exposed by improper use of the CMS. In many cases, a section links to a more detailed article.
RichTextBox
Avoid RichTextBox controls in eWeb. In many cases, a RichTextBox stores HTML that is later executed and presented on a CMS web page, which makes these controls an inviting target for SQL injection or other attacks.
URL Tampering Prevention
See Visibility SQL in eWeb to Prevent URL Tampering for tips on preventing a user from improperly accessing data by tampering with URL querystring parameter values.
Individual Privacy
To ensure that one member does not see another's information, carefully follow the recommendations in Member Director (eWeb).