jQuery or Not, Client-Side API Will Always Start with a $
Apr 4, 2026 - 22:07
Radio and PodcastLive Radio & Podcasts
Technology
End Of The World As We Know It: Security Leaks In Power Pages
In this episode, we take a close look at the history of security issues in Power Pages. We start with the early days — when simple misconfigurations like unchecked table permissions and enabled OData feeds led to major d...
About This Episode
End Of The World As We Know It: Security Leaks In Power Pages is an episode from CRM Audio -- The Dynamics 365 Podcast by George Doubinski. In this episode, we take a close look at the history of security issues in Power Pages. We start wit...
Podcast
This episode belongs to CRM Audio -- The Dynamics 365 Podcast.
Listen Online
Use the player on this page to stream the episode online.
Episode Details
Published Aug 17, 2025, 34:25 long, audio available.
Related Episodes
Continue listening to more episodes from CRM Audio -- The Dynamics 365 Podcast.
Hide your dirty laundry on the server-side
Jan 22, 2026 - 27:49
Contacts Are Users Too - Now with Dataverse Privileges
Oct 6, 2025 - 18:40
Hidden In Plain Site: Underused Features in Power Pages
Jul 17, 2025 - 49:36
Cache Me If You Can: The Power Pages Wishlist
May 31, 2025 - 31:04
What's Really Coming in Release Wave 1 2025: AI Hype And A New Security Threat
Mar 10, 2025 - 36:44
Solid Liquid with Web Templates
Dec 23, 2024 - 26:45
Wave 2 2024: Release Notes Don't Make Sense Anymore
Sep 30, 2024 - 38:29
Questions About This Episode
What is End Of The World As We Know It: Security Leaks In Power Pages about?
In this episode, we take a close look at the history of security issues in Power Pages. We start with the early days — when simple misconfigurations like unchecked table permissions and enabled OData feeds led to major data exposures. These weren't bugs, but they showed how easy it was to set things up the wrong way. We talk about how Microsoft responded and what lessons we've learned about secure defaults and clear documentation. We then move on to more serious vulnerabilities introduced by newer features like the Web API. We explain how some of these flaws allowed access to restricted data using filters and sort clauses, and how those issues were eventually patched. These were real product-level bugs, and some were even exploited in the wild. We also share our thoughts on external authentication providers like Google, and the risks that come with delegating authentication — including phishing techniques that can bypass protections. Finally, we reflect on how Power Pages compares to platforms like WordPress, especially when it comes to architecture and the potential for plugin-related vulnerabilities. Despite recent issues, we think the original design of Power Pages deserves credit for holding up well over time. References Power Pages security | Microsoft Learn Tip : How to secure Power Apps portal from making the news - Power Platform & Dynamics CRM Tip Of The Day Engineered Code - Blog - Power Pages: Another "Leak" Get in touch voice@crm.audio Nick Hayduk @Engineered_Code George Doubinski @georgedude
Where can I listen to End Of The World As We Know It: Security Leaks In Power Pages?
You can listen to End Of The World As We Know It: Security Leaks In Power Pages online on Radio and Podcast. Open the player on this page to stream the available audio.
Which podcast is End Of The World As We Know It: Security Leaks In Power Pages from?
End Of The World As We Know It: Security Leaks In Power Pages is an episode from CRM Audio -- The Dynamics 365 Podcast by George Doubinski.
How long is this episode?
This episode is 34:25 long.
When was this episode published?
This episode was published on Aug 17, 2025.
Can I save End Of The World As We Know It: Security Leaks In Power Pages for later?
Yes. Use the heart button on the episode page to add it to your favorite episodes list.
Are there related episodes from CRM Audio -- The Dynamics 365 Podcast?
Yes. This page shows related episodes from CRM Audio -- The Dynamics 365 Podcast when more episodes are available from the podcast feed.
Quick Answers About This Episode
Where can I listen to End Of The World As We Know It: Security Leaks In Power Pages?
You can listen to End Of The World As We Know It: Security Leaks In Power Pages on this page when the episode audio is available from the podcast feed.
Which podcast is this episode from?
End Of The World As We Know It: Security Leaks In Power Pages is from CRM Audio -- The Dynamics 365 Podcast by George Doubinski.
What are the episode details?
Published Aug 17, 2025 and 34:25 long