Crm Audio -- The Dynamics 365 Podcast

In this episode, we take a close look at the history of security issues in Power Pages. We start with the early days — when simple misconfigurations like unchecked table permissions and enabled OData feeds led to major data exposures. These weren’t bugs, but they showed how easy it was to set things up the wrong way. We talk about how Microsoft responded and what lessons we’ve learned about secure defaults and clear documentation. We then move on to more serious vulnerabilities introduced by newer features like the Web API. We explain how some of these flaws allowed access to restricted data using filters and sort clauses, and how those issues were eventually patched. These were real product-level bugs, and some were even exploited in the wild. We also share our thoughts on external authentication providers like Google, and the risks that come with delegating authentication — including phishing techniques that can bypass protections. Finally, we reflect on how Power Pages compares to platforms like WordPress,