Last updated on November 01, 2016

Security changelog

For our customers’ protection, Appspace makes regular security updates to its software. For on-premises customers, it is important that you keep up to date with the latest software release in order to maintain the highest level of security. Below is a table of recent security changes found in Appspace.

| Description | Benefit | Platform Area | Available In |
| --- | --- | --- | --- |
| Added Single Sign-On (SSO) support. | Administrators can now configure Appspace to authenticate users with any SAML 2.0 compliant corporate identity provider. | User Authentication | 5.2.0 |
| Updated SSO behavior to combat potential vulnerabilities. | Ensures that new types of unauthorized login attempts cannot bypass SSO authentication. | User Authentication | 5.5.1 |
| Webpage content now utilizes HTTP Basic Authentication when passed to the Appspace App with Base64 encoding. | Ensures passwords are masked and encoded during transmission to Appspace App. | Password Security | 5.11.1 |
| Masked connection strings and passwords for widgets, and utilized HTTP Basic Authentication with Base64 encoding. | Ensures connection strings and passwords for Workbook, RSS Ticker, RSS Viewer, Table Listing, and Remote Control widgets in signs are masked and encoded during transmission. | Password Security | 5.11.0 |
| Improved encryption for data provider passwords. | All connected data provider passwords are encrypted once saved. | Password Security | 5.11.4 |
| Enhanced user password complexity and encryption for non-SSO and non-Active Directory accounts. | Password complexity feature generates more secure passwords for new users, which are also encrypted when saved. | Password Security | 5.1.0 |
| Updated SQL injection query methods. | Prevents unauthorized attempts to view, modify, or delete database entries and tables. | Database Security | 5.11.1 |
| Updated UserNavigation API. | Prevents the display of exclusive information such as file paths or IP addresses. | API Security | 5.7.2 |
| Updated the test method for webpage authentication. | When validating webpage authentication in the library or signs, the validation will be processed server-side. | Browser Security | 5.11.4 |
| Default all web form submissions through secure connections only. | Forms that contain potentially sensitive information will only be sent through a secure connection. | Browser Security | 5.8.0 |
| Removed web response headers from ASP.NET MVC. | Ensures unauthorized attempts to access Appspace technology stack are prevented. | Browser Security | 5.9.1 |
| Implemented segregation of rights on the server-side instead of client-side during query execution on applications. | Restrictions are applied on the server-side to prevent exploitation of administrator privileges via browser attacks. | General Security | 6.0.1 |
| Ensured that by default, all API calls to Appspace cloud-based servers are secure. | Improved security when interacting with Appspace cloud-based servers. | General Security | 5.6.0 |
| Improved web services security. | Prevents unauthorized attempts to send a request to a web service and attempts to read the response. | General Security | 5.7.2 |
| Encoded AJAX (Asynchronous JavaScript and XML) data when calling Appspace. | Prevents cross-site scripting attacks where user-controllable data is copied into app responses. | General Security | 5.8.0 |