MyPrevx Audit Trail TMI

Discussion in 'Prevx Releases' started by jubal8, Apr 14, 2010.

Thread Status:
Not open for further replies.
  1. jubal8

    jubal8 Registered Member

    Joined:
    Apr 14, 2010
    Posts:
    3
    When I look at the Audit Trail on the MyPrevx site, some entries in the 'Message' column display my sign-in credentials - email and password - in clear text!! :eek:

    Is this a feature? Can I select a preference somewhere to mask or exclude this information?
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Are you using the full version Prevx with SafeOnline? If you are, you are protected as it's an HTTPS link and SafeOnline protects your credentials from anyone else from seeing it and also from screen grabbers and keyloggers! I don't worry about it! Only you and Prevx knows who you are and email and License numbers included! ;)

    Joe will come by and give his comments also!

    HTH,

    TH
     
  3. jubal8

    jubal8 Registered Member

    Joined:
    Apr 14, 2010
    Posts:
    3
    THanks, TH. I know I'm not talking about a triple threat here, but it is an essential security practice, IMHO, never to reveal sign-on credentials unnecessarily. And we are talking about a security product here.

    Are these being displayed for a specific purpose? If not, I say ditch that code!

    Cheers,
    ~j~
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've forwarded a link to this thread onto our MyPrevx development team for some answers :) I'm honestly not too familiar with it but they should have a reason for it or will adjust it ASAP!

    Thank you for the information :)
     
  5. jubal8

    jubal8 Registered Member

    Joined:
    Apr 14, 2010
    Posts:
    3
    We're about to roll this out into a production environment where monitoring/logging are the new mandates. We have high hopes for Prevx, based on what I've read here and elsewhere. Getting a problem or suggestion forwarded ASAP is the kind of response that's going to keep this product in the trenches.

    Thank you, PrevxHelp. I haven't taken the time to understand this forum's relationship to the makers of Prevx, or your role among them, but I appreciate my concerns being taken seriously.

    As to immunity from screengrabbers and such, as mentioned by Triple Helix, my first thought upon seeing my password displayed was "what if someone is watching over my shoulder?" Or worse, say I'm giving a live demonstration of our Prevx console on a big screen in the conference room and didn't know that my credentials might be on display for all to see.

    I hope I made my edit correction before anyone saw my goof; if not, my apologies.
     
    Last edited: Apr 20, 2010
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We definitely agree - if the changes haven't already been made, I'll be circling back with our MyPrevx development team in the AM to get it fixed :)

    Thanks for your support and let me know if you have any questions with the rollout!
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Sorry for not having gotten back sooner - the MyPrevx passwords should now be hidden as of yesterday morning :)

    Let me know if you have any other suggestions!
     
  8. hogndog

    hogndog Registered Member

    Joined:
    Jun 9, 2007
    Posts:
    628
    Location:
    In His Service
    I'd rather see the information Google has on us, ever try putting your handle in the Google search bar? :eek:


    Hogndog
     
Thread Status:
Not open for further replies.