jQuery or Not, Client-Side API Will Always Start with a $
Apr 4, 2026 - 22:07
Radio and PodcastLive Radio & PodcastsLoading episode
Fetching episode details...
Radio and PodcastLive Radio & PodcastsRadio and PodcastLive Radio & PodcastsFetching episode details...
Radio and PodcastLive Radio & Podcasts
In this episode, we take a close look at the history of security issues in Power Pages. We start with the early days — when simple misconfigurations like unchecked table permissions and enabled OData feeds led to major d...
End Of The World As We Know It: Security Leaks In Power Pages is an episode from CRM Audio by George Doubinski. In this episode, we take a close look at the history of security issues in Power Pages. We start with the early days — when simp...
This episode belongs to CRM Audio.
Use the player on this page to stream the episode online.
Published Aug 17, 2025, 34:25 long, audio available.
Continue listening to more episodes from CRM Audio.
Apr 4, 2026 - 22:07
Jan 22, 2026 - 27:49
Oct 6, 2025 - 18:40
Jul 17, 2025 - 49:36
May 31, 2025 - 31:04
Mar 10, 2025 - 36:44
Dec 23, 2024 - 26:45
Sep 30, 2024 - 38:29
In this episode, we take a close look at the history of security issues in Power Pages. We start with the early days — when simple misconfigurations like unchecked table permissions and enabled OData feeds led to major data exposures. These weren't bugs, but they showed how easy it was to set things up the wrong way. We talk about how Microsoft responded and what lessons we've learned about secure defaults and clear documentation. We then move on to more serious vulnerabilities introduced by newer features like the Web API. We explain how some of these flaws allowed access to restricted data using filters and sort clauses, and how those issues were eventually patched. These were real product-level bugs, and some were even exploited in the wild. We also share our thoughts on external authentication providers like Google, and the risks that come with delegating authentication — including phishing techniques that can bypass protections. Finally, we reflect on how Power Pages compares to platforms like WordPress, especially when it comes to architecture and the potential for plugin-related vulnerabilities. Despite recent issues, we think the original design of Power Pages deserves credit for holding up well over time. References Power Pages security | Microsoft Learn Tip : How to secure Power Apps portal from making the news - Power Platform & Dynamics CRM Tip Of The Day Engineered Code - Blog - Power Pages: Another "Leak" Get in touch voice@crm.audio Nick Hayduk @Engineered_Code George Doubinski @georgedude
You can listen to End Of The World As We Know It: Security Leaks In Power Pages online on Radio and Podcast. Open the player on this page to stream the available audio.
End Of The World As We Know It: Security Leaks In Power Pages is an episode from CRM Audio by George Doubinski.
This episode is 34:25 long.
This episode was published on Aug 17, 2025.
Yes. Use the heart button on the episode page to add it to your favorite episodes list.
Yes. This page shows related episodes from CRM Audio when more episodes are available from the podcast feed.
You can listen to End Of The World As We Know It: Security Leaks In Power Pages on this page when the episode audio is available from the podcast feed.
End Of The World As We Know It: Security Leaks In Power Pages is from CRM Audio by George Doubinski.
Published Aug 17, 2025 and 34:25 long