AnsweredAssumed Answered

Bit.ly url calls embedded in Web AppBuilder!   How secure is that?

Question asked by David.Wendelken on Feb 21, 2017
Latest reply on Feb 28, 2017 by David.Wendelken

I noticed that Web AppBuilder includes javascript calls to bit.ly URL addresses.   That seems to me to be very insecure as we have no way of knowing, from one day to the next, what website is being masked by that call to bit.ly.

Is Esri aware that its developers have embedded bit.ly URLs in its web code?

Who owns the Bit.Ly web addresses being used?  Does Esri own them?  Or some random developer?

Whomever has the access to that bit.ly address could redirect our calls to a webpage that captures information and then relays the request to the correct Esri URL to return the correct values.  That would be a classic man-in-the-middle attack, except that Esri would be culpable for helping them do it.


Outcomes