1. App Builder User's Guide
  2. Managing Application Security
  3. Understanding Developer Security Best Practices
  4. Identifying At Risk Password Items

20.2.2 Identifying At Risk Password Items

Identify at risk password items by viewing the Security Profiles report and Password Items report.

At risk password items are those that either do not use a password item type that does not save session state, or store an unencrypted value in session state.

Parent topic: Understanding Developer Security Best Practices

20.2.2.1 Viewing the Security Profiles Report

View the Security Profiles Report by navigating to Workspace Utilities and selecting it from Cross Application Reports.

To view the Security Profiles Report:

  1. Navigate to the Workspace home page.
  2. Click the App Builder icon.

    The App Builder home page appears.

  3. Click the Workspace Utilities icon.
  4. Locate Cross Application Reports on the right side of the window.
  5. Under Cross Application Reports, click Security Profiles report.

    This report list the following information about all applications in the current workspace:

    • Application

    • Name

    • Parsing Schema

    • Application Level Authorization Scheme

    • Authentication

    • Authorization Schemes

    • Authorization Schemes

    • Pages

    • Encrypted Items

    • At Risk Password Items

Parent topic: Identifying At Risk Password Items

20.2.2.2 Viewing the Password Items Report

View the Password Items Report by navigating to Workspace Utilities and selecting it from Cross Application Reports.

To identify at risk password items:

  1. Navigate to the Workspace home page.
  2. Click the App Builder icon.

    The App Builder home page appears.

  3. Click the Workspace Utilities icon.
  4. Locate Cross Application Reports on the right side of the window.
  5. Under Cross Application Reports, click Password Items.

    The Password Items report shows all of the password items within the application and indicates if they use encryption and whether they save state. Password items that do neither are highlighted as At Risk.

Tip:

For pages that contain password items, set the page attribute Form Auto Complete to Off. Setting that attribute to Off prevents the web browser from attempting to auto complete items on the page.

Parent topic: Identifying At Risk Password Items