Comments on: Sage Live – Serious SaaS Security Issues

By: SaaS gets heated. Needlessly. | Sanity with Sage

SaaS gets heated. Needlessly. | Sanity with Sage — Sat, 22 Aug 2009 08:52:44 +0000

[...] would be easy to join in with some cheap shots at Duane Jackson, who after all has previously used security issues with Sage’s entry level Sage Live product to generate free publicity. [...] Dennis Howlett’s invective is entertaining, but ultimately empty. [...]

By: Mandar

Mandar — Mon, 15 Jun 2009 10:22:52 +0000

Good article. FYI..BEA Aqualogic is now Oracle WebCenter. :-)

By: Sage Multiple Anticlimax

Sage Multiple Anticlimax — Wed, 29 Apr 2009 12:42:53 +0000

[...] approach towards us, when I then found security holes in their attempt at SaaS, Sage Live, I blogged about it instead of quietly telling [...]

By: SecurityPlease

SecurityPlease — Thu, 09 Apr 2009 21:33:52 +0000

Admittedly I only read to the part about plain text password exposed in GET request. In addition to it being plainly visible, this data would be exposed through browser history, router logs and web server logs.

By: OnSeaside

OnSeaside — Fri, 20 Feb 2009 17:23:10 +0000

I have never liked Sage. Every company I have dealt with had it (bar one) and every accountant I had loved it – they simply did not know better. Having your accounting system on line is fantastic, especially for smaller companies if the team is not all in one place.
In two companies I introduced Netsuite. The advantage Netsuite offered is that it integrates a CRM system with an accounting system. You can even build in an online ordering system, an e-marketing system and lots of other goodies. Yes it is expensive, but then it also offers a lot and I always felt it was very secure.
As a business manager and not an accountant it has always been important to keep track of what my business was doing. Netsuite offers that. I have no connection with them at all, and whilst I constantly fought the costs, I loved the product.

By: Hawkeye

Hawkeye — Thu, 05 Feb 2009 15:22:02 +0000

No matter how good your developers are, any web-based system holding sensitive data should be tested by external security consultants – “penetration testers” in the jargon. The ways to hack into a web system are many and varied and are often highly detailed – you really need experts who know what they are doing.

Bottom line: I wouldn’t go near any sensitive web-based system if it hasn’t been penetration tested by specialists. Regardless of whether this was a beta system it clearly was not penetration tested. It should have been before it made it even half-as-far as been available for semi-public testing.

That alone says to me that Sage don’t know what they are doing.

By: David and Goliath Part Two – Sometimes the Little Guys Can Be Cruel | CloudAve

Thu, 29 Jan 2009 13:06:03 +0000

[...] the KashFlow blog had a post outing some potential security concerns for the new SageLive SaaS product. The substance of the claims are not overly important – I did [...]

By: Sage take SaaS product offline due to security concerns

Sage take SaaS product offline due to security concerns — Wed, 28 Jan 2009 19:18:22 +0000

[...] it was crap anyway (which other more independent people then agreed with), then we pointed out serious security concerns with [...]

By: CODA 2go - Latest blog entries and comments

CODA 2go - Latest blog entries and comments — Thu, 22 Jan 2009 15:32:53 +0000

A flurry of excitement and schadenfreude has flown around the SaaS community as apparently serious security flaws were highlighted in the beta version of SageLive [...]

By: Is SageLive ready for the SaaS Market?

Is SageLive ready for the SaaS Market? — Thu, 22 Jan 2009 10:47:33 +0000

[...] Granted this software is still a beta but it seems the concerns that he, and others commenting on his blog, are not unfounded [...]