Identifying At Risk Password Items

At risk password items are those that either:

• Do not use one of the password item types that does not save session state

• Store the value in session state un-encrypted

Use the Password Items, Security Profiles, and Password Items report to help identify at risk password item:

To view reports that identify at risk password item types:

1. Navigate to the Workspace home page.

2. Click the Application Builder icon.

3. Select an application.

   The Application home page appears.

4. On the Tasks list, click Application Reports.

5. To view the Password Items report:

   1. Select Page Components.

   2. Under Items, click Password Items.

      This report shows all of the password items within the application and indicates if they use encryption and whethere they save state. Password items that do neither are highlighted as At Risk.

6. To view the Security Profiles report:

   1. Select Cross Application.

   2. Under Items, click Password Items.

7. To view the Password Items report:

   1. Select Cross Application.

   2. Under Items, click Security Profiles.

      Notice the At Risk Password Items column.

For pages that contain password items, set page attribute Form Auto Complete to Off. Setting that attribute to Off prevents the Web browser from attempting to auto complete items on the page. To learn more about this attribute, see Table: Page Attributes: Security.