User passwords printed on paperwork at a dental office?

My dental office just printed my password (to their portal) on some checkout paperwork.

I asked on law stackexchange and it doesn’t sound like this is a HIPAA violation, but I am really curious if this violates other regulations or goes against known best practices, as it seems really bad security-wise.

It doesn’t feel right that they can even see my password.

Any thoughts / resources much appreciated.

Can I set the value of field for a custom list based on which custom form a user chooses?

New developer. Be gentle, please.

Constraints: I am using SharePoint Designer and SharePoint 2010 behind a firewall so I can’t upload pretty much anything without going to my helpdesk and getting a tech person to do it for me.

Situation: We track “Activities”. There are many points of origin for an Activity request. Different clients give us different information and are going to need custom forms (custom new item forms created through SPD). However, all these forms will create new items for the same custom list, “Activity Management”, and I have workflows already in place to create a new Activity Number each time one is created based on a batch of other stuff that is probably not super relevant. All these workflows were designed for only 1 custom form, though.

I need to create a second form and have it not trigger some of my workflows at this time. My idea is to have my new custom New form auto-fill/pre-populate on load/etc a field that identifies which form it is. Then I just have to make a condition at the top of my workflow to not activate for that form. Then we can do it later by changing that field to a value of my choice, now triggering the desired workflow.

I just can’t figure out how to simply set the value of a field within the html of the form – not hiding anything, not making the field a cascading anything, nothing fancy. I have a default inside the SharePoint List Settings that is “No Form” for when I do things manually. Once I figure this out for this form, I’ll imitate it for each custom Change or Activity request. And we can have as many entry points as my bosses need…

Potential Paths to a Solution: Can I do this within table row itself?

               <tr>                     <td width="190px" valign="top" class="ms-formlabel">                         <H3 class="ms-standardheader">                             <nobr>Form Used</nobr>                         </H3>                     </td>                     <td width="400px" valign="top" class="ms-formbody">                         <SharePoint:FormField runat="server" id="ff95{$  Pos}" ControlMode="New" FieldName="Form_x0020_Used"  __designer:bind="{ddwrt:DataBind('i',concat('ff95',$  Pos),'Value','ValueChanged','ID',ddwrt:EscapeDelims(string(@ID)),'@Form_x0020_Used')}"/>                         <SharePoint:FieldDescription runat="server" id="ff95description{$  Pos}" FieldName="Form_x0020_Used" ControlMode="New"/>                     </td>                 </tr> 

Or, maybe there is a really nifty javascript thing that could be used…

<script type="text/javascript" language="javascript">     function setff95() {         Something     } </script> 

user gets access denied when adding new document in folder

In my SharePoint 2013 environment I have a site where the admin user group has design rights + security management rights. A readers permission group has read access on the site. I have a document library with one folder. On the folder I break the inheritance and give the readers group contribute access.

When the user from the readers groups wants to add a new document (Ribbon –> new document –> document) he gets a pop-up with an access denied message.

Why can’t the user add a new document with contribute access?

How to prevent an user from tampering a request using Burp

Our rails application has a feature where admin can from trigger sending verify email to users that haven’t been verified yet but not to verified ones.

However, it was pointed out that by intercepting this PUT request and modifying the id to another one it was possible to send verify email even to the already verified users thereby confusing them.

How do I make sure that I can find out that the request was tampered with.

I can keep track of the users sent invites to and how many times but it still doesn’t solve the problem that anyone can trigger an email to anyone if the know or guess their user id which again is visible from in the user details page in the format users/17.

I’m not sure how do I solve this problem.

SharePoint Search Query – Filter item by user & groups from the current user

In a web part, I wanted to show only items that people had permissions on. I know I can stop inheriting permissions on the list and give them unique permissions, but that’s not what our client wants. So we created a column of people and groups (linked to Azure AD groups) we wanted to be able to filter in the search query only items where the user belonged to the group the item is associated with. Is this possible?

Thank you.

SharePoint Online doesn’t honor single page app (SPA) settings for user with read permissions to the page

We are running into issue where when we have broken the permission on modern site pages with read permission SharePoint doesn’t honor Single Page App (SPA) settings and render page as regular page when user with read permissions to pages logs in.