Identifying At Risk Pa ssword Items

At risk password items are those that either:

Do not use one of the password item types that does not save session state
Store the value in session state un-encrypted

Use the Security Profiles and Password Items reports to help identify at risk password items.

Topics:

Viewing the Security Profiles Report
Viewing the Password Items Report

Viewing the Security Profiles Report

To view the Security Profiles Report:

Navigate to the Workspace home page.
Click the Application Builder icon.

The Application Builder home page appears.
On the Tasks list, click Cross Application Reports.
Under Security, click Security Profiles report.

This report list the following information about all applications in the current workspace:
- Application
- Name
- Parsing Schema
- Application Level Authorization Scheme
- Authentication
- Authorization Schemes
- Authorization Schemes
- Pages
- Encrypted Items
- At Risk Password Items

Viewing the Password Items Report

To identify at risk password items:

Navigate to the Workspace home page.
Click the Application Builder icon.

The Application Builder home page appears.
On the Tasks list, click Cross Application Reports.
Under Security, click Password Items.

The Password Items report shows all of the password items within the application and indicates if they use encryption and whether they save state. Password items that do neither are highlighted as At Risk.

Tip:

For pages that contain password items, set page attribute Form Auto Complete to Off. Setting that attribute to Off prevents the Web browser from attempting to auto complete items on the page. To learn more about this attribute, see Table: Validation Methods.

Identifying At Risk Password Items

Viewing the Security Profiles Report

Viewing the Password Items Report

Identifying At Risk Pa ssword Items