Writely’s security problem.
Google July 14th, 2006 - By HaochiDo you ever know that Writely shows your blog’s username and password in their source code? They do, and is in plaintext!
var UserName = “username“;
var Password = “password“;
If you ever use Writely to post blog, take a look at the source code, and you will find both of your blog’s username and password there. Really scary huh, just remember to sign out everytime, and it should be fine.
I don’t really think it’s necessary to put these “top-scrects” in clients’ source files, what’s your thought?
UPDATE: I think I am kind of misleading, the password and username I am talking about is in the editing page, not the published document, and here’s the screen shot.
“A screen shot is better than thousand words.”
July 14th, 2006 at 4:20 pm
can you confirm that this is not an encrypted in plain txt ?
July 14th, 2006 at 5:30 pm
Okay, I will make a screenshot, but I really need to mask my username and password though.
Err, Imageshack is taking so long, and the poor Google Picasa Web Album doesn’t support PNG files.
http://img81.imageshack.us/img81/6239/10sf.png
July 14th, 2006 at 8:20 pm
My apologies if this is rude, but any chance I can get a Writely invite?
Cheers
July 15th, 2006 at 7:12 am
Invitation sent.
July 22nd, 2006 at 5:36 pm
I know this probably isn’t nthe best way to go about it. But I would like to join the writely beta as well. Can anyone help me out?
Thanks