ApplicationPool password stored as plain text withing SharePoint

A few days ago I was reading a blog (And I forgot what blog!!) with information that the ApplicationPool password was stored as plain text. If you don't believe me: check the screenshot below:

The password is as well accessible via the objectmodel, when runnin under elevatedPrivilges..

Lessons learned: Always try to have a least-privilegd installation for your SharePoint farm!

Published Thu, May 28 2009 8:13 AM by Bas

Filed under: SharePoint, appPool, ApplicationPool, Security

Comments

# re: ApplicationPool password stored as plain text withing SharePoint

Thursday, May 28, 2009 11:29 AM by Robin

Probably mine or Tobias Zimmergen's one ;)

Tobias : www.zimmergren.net/.../recoverfetch-the-application-pool-password.aspx

Mine : community.zevenseas.com/.../spapplicationpool.aspx

;)

# re: ApplicationPool password stored as plain text withing SharePoint

Thursday, May 28, 2009 12:30 PM by Bas

Yes,

it was tobiases blog ;)

Title (required)
Name: (required)
Website: (optional)
Comments (required)
Remember Me?
Please add 1 and 1 and type the answer here:

BBB - Bas Blogging 'Bout SharePoint

Email Notifications

Search

Tags

News

Archives