3 Replies Latest reply on Oct 20, 2009 5:23 PM by bshopp

    Security issue with NPM websites after 9.5 upgrade

      Hi there,

      I just upgraded from 8.5 to 9.5 and I just noticed that our websites are now displaying "too much" information in the link (address bar).

      We have 2 websites set up, one for internal that displays the full URL and one for external that displays the shorter "secure" URL that customers/external users would use, e.g.:

       

      http://internal.mywebsite.com/Orion/SummaryView.aspx?viewid=22&netobject=

      vs

      https://external.mywebsite.com/Orion/SummaryView.aspx?viewid=22&netobject=

       

      Before upgrading to 9.5, the bold area after the .aspx? wouldn't be visible.

      My problem is that users assigned with strictly limited views can now change the viewid=* to view other views we created - including the one we use internally for our network!

      What can be done to get this changed? Is it something on the SolarWinds side, or on the IT administrator side where the website was created? A lot has changed with the website, as I notice a lot is now .aspx as opposed to .asp (not sure if I'm correct here either - just something I noticed).
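
An added example, not part of the original post and not SolarWinds code: one way to check the web server logs for limited accounts requesting a `viewid` other than the ones assigned to them, as described above. It assumes IIS W3C extended logging with the fields shown; the account names, the `ALLOWED_VIEWS` mapping and the sample log lines are constructed for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended format (not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username sc-status
2009-10-20 17:01:02 GET /Orion/SummaryView.aspx viewid=22&netobject= customer1 200
2009-10-20 17:01:40 GET /Orion/SummaryView.aspx viewid=1&netobject= customer1 200
2009-10-20 17:02:10 GET /Orion/SummaryView.aspx ViewID=22 customer1 200
2009-10-20 17:03:00 GET /Orion/SummaryView.aspx viewid=1&netobject= netadmin 200
2009-10-20 17:03:30 GET /Orion/SummaryView.aspx viewid=7 customer2 302
2009-10-20 17:04:00 GET /Orion/Login.aspx - - 200
"""

# Hypothetical mapping of limited accounts to the views assigned to them.
ALLOWED_VIEWS = {"customer1": {"22"}, "customer2": {"31"}}


def find_out_of_scope_views(log_text, allowed=ALLOWED_VIEWS):
    """Return (time, user, viewid, status) for each request in which a
    limited account asked for a view outside its assigned set."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != "/orion/summaryview.aspx":
            continue
        user = row.get("cs-username", "-").lower()
        if user not in allowed:  # anonymous or unrestricted account
            continue
        # ASP.NET treats query-string keys case-insensitively, so normalise.
        raw = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        query = {key.lower(): values for key, values in raw.items()}
        for viewid in query.get("viewid", []):
            if viewid not in allowed[user]:
                hits.append((row["time"], user, viewid, row["sc-status"]))
    return hits


if __name__ == "__main__":
    for hit in find_out_of_scope_views(SAMPLE_LOG):
        print(hit)
```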