Power Apps portals OData security leak analysis |365.Training
Microsoft Power Apps portals can be misconfigured to inadvertently allow public access to the private data in Dataverse. Depending on the portal configuration, sensitive information can be leaked, including PII. Up to 47 portal instances and close to 38 million records were potentially exposed, as analysed by security researchers at UpGuard, see https://www.upguard.com/breaches/powe....
In this video we take a close look at the configurations that could result in the Dataverse data being leaked through the portal. We walk you through the lists, OData feeds, page access rules, and table permissions and show 3 ways to identify and resolve the issues. As a bonus we demonstrate how to use Portal Studio to stop the leaks from happening in the first place.
Detailed analysis: https://crmtipoftheday.com/1407/how-t...
FREE portal security training: https://365.training/Courses/Detail/p...
00:00 The sky is falling - 38 millions portal records exposed
01:08 Lists in portals provisioned before 15 August 2021
03:16 Masking the problem with web page access rules
04:25 Enabling OData feed and accidentally leaking the data
06:03 How to quickly plug the data leak
06:36 Use table permissions to fine-tune the access to the list data
07:43 Experience in portals provisioned after 15 August 2021
08:38 No more leaks in OData in new portals
09:21 Better experience in Portal Studio
11:00 3 ways to check if your Power Apps portal leaks the data
14:20 FREE training on portal security is now available
Смотрите видео Power Apps portals OData security leak analysis |365.Training онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь 365.Training 30 Август 2021, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 54 раз и оно понравилось 1 людям.