CRM Audio

• End Of The World As We Know It: Security Leaks In Power Pages

  In this episode, we take a close look at the history of security issues in Power Pages. We start with the early days — when simple misconfigurations like unchecked table permissions and enabled OData feeds led to major data exposures. These weren’t bugs, but they showed how easy it was to set things up the wrong way. We talk about how Microsoft responded and what lessons we’ve learned about secure defaults and clear documentation. We then move on to more serious vulnerabilities introduced by newer features like the Web API. We explain how some of these flaws allowed access to restricted data using filters and sort clauses, and how those issues were eventually patched. These were real product-level bugs, and some were even exploited in the wild. We also share our thoughts on external authentication providers like Google, and the risks that come with delegating authentication — including phishing techniques that can bypass protections. Finally, we reflect on how Power Pages compares to platforms like WordPress, especially when it comes to architecture and the potential for plugin-related vulnerabilities. Despite recent issues, we think the original design of Power Pages deserves credit for holding up well over time. References Power Pages security | Microsoft Learn Tip #1407: How to secure Power Apps portal from making the news - Power Platform & Dynamics CRM Tip Of The Day Engineered Code - Blog - Power Pages: Another “Leak” https://thehackernews.com/2025/01/severe-security-flaws-patched-in.html https://www.bleepingcomputer.com/news/security/microsoft-fixes-power-pages-zero-day-bug-exploited-in-attacks/ https://www.cnn.com/2021/08/24/tech/data-leak-microsoft-upguard/index.html   https://www.upguard.com/breaches/power-apps Get in touch [email protected] Nick Hayduk @Engineered_Code George Doubinski @georgedude

  --------  

  34:25

  --------

  34:25
• Hidden In Plain Site: Underused Features in Power Pages

  Continuing from the wishlist, in this episode we focus on underused features in Power Pages - capabilities that are built into the platform but often overlooked during development. We discuss features such as redirects, shortcuts, site markers, and web link sets, highlighting where they fit and why they’re still relevant, especially for structured navigation and content management. We also cover content snippets, explaining how they support multilingual content, reduce duplication, and allow non-developers to manage content without modifying code. Additional topics: Leveraging form and list metadata instead of custom JavaScript Choosing fetchXML in liquid over Web API for secure, server-side queries The challenges and potential of conditional multistep forms The role of site settings in fine-tuning authentication and behavior A lot of Power Pages features are often overlooked. Hopefully you get some extra ammunition to improve structure, usability, and long-term maintainability across projects. Get in touch [email protected] Nick Hayduk @Engineered_Code George Doubinski @georgedude

  --------  

  49:36

  --------

  49:36
• Cache Me If You Can: The Power Pages Wishlist

  In this episode, we deliver on their promise from the previous show — a wishlist of features they’d love to see in Power Pages (and none of them are AI). It’s a mix of practical frustrations from real-world projects and some wild ideas for future innovation. What did we talk about? George’s standing desk automation project — powered by Python, Bluetooth, and (eventually) Power Platform. Imagine your desk going up automatically before every meeting! Top Power Pages wishlist items: API to clear the cache — long-requested, simple sounding, yet still missing. Modern Forms — it’s time to modernize the end-user experience beyond Bootstrap upgrades. Support for Quick View and Quick Create forms — why only Main forms? Multi-step form improvements — allow skipping between steps, especially when there are no conditions. Bring back Front-Side Editing — content editing without admin rights is a must for real CMS scenarios. Power Automate integration in forms and lists — run flows like classic workflows directly from UI. Framework agnostic design — let’s dream big: support Tailwind, Foundation, or other CSS frameworks beyond Bootstrap.   What's next? How about a tour of Power Pages features that already exist — but almost nobody uses. Credits Cover image by chatGPT (inspired by terrible prompts) References rhyst/linak-controller: A Python script to control Linak standing desks Get in touch [email protected] Nick Hayduk @Engineered_Code George Doubinski @georgedude

  --------  

  31:04

  --------

  31:04
• What’s Really Coming in Release Wave 1 2025: AI Hype And A New Security Threat

  In the first episode of 2025, Nick and George break down Release Wave 1 2025 for Power Pages, separating real improvements from underwhelming updates. AI features take center stage, but do they actually add value? Discussion covers AI-assisted forms, web agents, and natural language queries, questioning their usefulness in real-world applications. Modern lists get long-awaited updates, including JavaScript event support and metadata filters, finally closing gaps with classic lists. The ongoing file upload saga resurfaces, and the new virus scanning feature raises questions about effectiveness. A streamlined Microsoft Entra ID setup wizard promises easier authentication setup, but handling failed logins remains tricky. A surprising security threat in social logins also comes up — cross-IdP impersonation —where external authenticator can let attackers register an account with someone else’s corporate email. With event portals moving from outbound marketing to Power Pages, the clock ticks toward a July 2025 deadline for migration. Anyone still using the old Angular-based event sites needs to start planning now. Want to know what’s missing from this release? A wishlist of features Power Pages actually needs is coming next time. Don’t miss it! Credits Cover image by chatGPT (inspired by terrible prompts) References Overview of Power Pages 2025 release wave 1 | Microsoft Learn Transition events from outbound marketing to real-time journeys - Dynamics 365 Customer Insights | Microsoft Learn Combining Verification Phishing and Cross-IdP Impersonation Get in touch [email protected] Nick Hayduk @Engineered_Code George Doubinski @georgedude

  --------  

  36:44

  --------

  36:44
• Solid Liquid with Web Templates

  In this somewhat warm episode, George and Nicholas explore web templates in Power Pages, breaking down how they work, their history from ADX Studio to modern-day template blocks, the regrets along the way, and practical ways to use them effectively. They discuss features like include and extend, share tips for simplifying your development process, and highlight why templates are a powerful tool for creating reusable components. Whether you’re new to web templates or looking to refine your skills, this conversation has something for everyone. As a bonus, they debate what’s better as an income stream: Shopify shares or podcasts. Credits Cover image by chatGPT (inspired by terrible prompts) References Web templates | Microsoft Learn Liquid overview | Microsoft Learn Shopify Liquid reference Shopify Stock Quote Get in touch [email protected] Nick Hayduk @Engineered_Code George Doubinski @georgedude

  --------  

  26:45

  --------

  26:45

Fler podcasts i Teknologi

Trendiga poddar i Teknologi

Om CRM Audio