Questions about character entities in XML and PCI security compliance

Hi all.

This is a rather long posting but I have some questions concerning the
usage of character entities in XML documents and PCI security
compliance.

The company I work for is using a third party ecommerce service for
hosting its online store.  A few months ago this third party commerce
site began using PGP file encryption on XML files (e.g. web orders)
transferred to us as part of the ongoing PCI security compliance.
Basically we only need to add a PGP decryption process before we can
parse the incoming XML files so there should not have been any
technical issue.

However, we noticed that XML files they created since PGP encryption
was implemented contain some unusual character entities.

For example, if a XML file have elements containing characters such as
<, >, &, -, /, ' and so on, the XML file will use the following
character entities to represent them as shown below:

Character  Unusal Character Entities
<          &amp;lt;
>          &amp;gt;
&          &amp;amp;
-          &amp;#45;
/          &amp;#47;
'          &amp#39;

No matter how you look at them, they are NOT the proper character
entities for the original characters shown.

The problem with these bad character entities is that when we use .Net
Framework components such as XmlReader to load the XML file, character
entities are not expanded back to the original characters they
represent.

Instead I would get the following result:

Unusal Character Entities	Expanded Result:
&amp;lt;                        &lt;
&amp;gt;                        &gt;
&amp;#38;                       &#38;
&amp;#45;                       &#45;
&amp;#47;                       &#47;
&amp;#39;                       &#39;

If you take a close look at the expanded results, you would see that
they are the normal character entities you would expect to see.

It seems to me that XML export process used by the ecommerce site has
applied character entities "encoding" twice.

For example, the proper character entity for / is &#47;.
However, if you treat &#47; as data string and not as character entity
and apply another "encoding", you would get &amp;#47;.

This means that whenever a online customer enter characters such as &
or / in their name or shipping address, the XML file we parsed will
not give us the correct text.

For example, if customer entered "Christian & Cruz" on their shipping
address the XML file we downloaded will show them as "Christian
&amp;#38; Cruz".  And when the XML file is parsed the resulting string
we get would be "Christian &#38; Cruz".

Another example.  If a customer entered "c/o R. Fenton, M.D." in their
shipping address, the XML file will show this string as "c&amp;#47;o
R. Fenton, M.D.".  And the resulting string we parsed would be
"c&#47;o R. Fenton, M.D.".

When we reported this problem to the ecommerse hosting company, their
response was that these character entities were "encoded" per PCI
security policy and thus they have no plan to "fix" them.

Their reply sounds strange because these weird character entities they
use in XML files are NOT data encryption nor do they provide security
benefits.  

Can anyone tell me if there is in fact some kind of special character
entities used in XML file per PCI security compliancy?

Or is our ecommerce hosting company wrong?

Any information would be appreciated.
Thank you.
0
tempest (7)
8/7/2008 10:52:32 PM
dotnet.xml 7266 articles. 0 followers. Follow

7 Replies
706 Views

Similar Articles

[PageSpeed] 21


<tempest@ucla.edu> wrote in message 
news:55sm94p8ig2vpodjolu2cq5d961fu8c4q1@4ax.com...
> Hi all.
>
> This is a rather long posting but I have some questions concerning the
> usage of character entities in XML documents and PCI security
> compliance.
>
> The company I work for is using a third party ecommerce service for
> hosting its online store.  A few months ago this third party commerce
> site began using PGP file encryption on XML files (e.g. web orders)
> transferred to us as part of the ongoing PCI security compliance.
> Basically we only need to add a PGP decryption process before we can
> parse the incoming XML files so there should not have been any
> technical issue.
>
> However, we noticed that XML files they created since PGP encryption
> was implemented contain some unusual character entities.
>
> For example, if a XML file have elements containing characters such as
> <, >, &, -, /, ' and so on, the XML file will use the following
> character entities to represent them as shown below:
>
> Character  Unusal Character Entities
> <          &amp;lt;
>>          &amp;gt;
> &          &amp;amp;
> -          &amp;#45;
> /          &amp;#47;
> '          &amp#39;
>
> No matter how you look at them, they are NOT the proper character
> entities for the original characters shown.
>
> The problem with these bad character entities is that when we use .Net
> Framework components such as XmlReader to load the XML file, character
> entities are not expanded back to the original characters they
> represent.
>
> Instead I would get the following result:
>
> Unusal Character Entities Expanded Result:
> &amp;lt;                        &lt;
> &amp;gt;                        &gt;
> &amp;#38;                       &#38;
> &amp;#45;                       &#45;
> &amp;#47;                       &#47;
> &amp;#39;                       &#39;
>
> If you take a close look at the expanded results, you would see that
> they are the normal character entities you would expect to see.
>
> It seems to me that XML export process used by the ecommerce site has
> applied character entities "encoding" twice.
>
> For example, the proper character entity for / is &#47;.
> However, if you treat &#47; as data string and not as character entity
> and apply another "encoding", you would get &amp;#47;.
>
> This means that whenever a online customer enter characters such as &
> or / in their name or shipping address, the XML file we parsed will
> not give us the correct text.
>
> For example, if customer entered "Christian & Cruz" on their shipping
> address the XML file we downloaded will show them as "Christian
> &amp;#38; Cruz".  And when the XML file is parsed the resulting string
> we get would be "Christian &#38; Cruz".
>
> Another example.  If a customer entered "c/o R. Fenton, M.D." in their
> shipping address, the XML file will show this string as "c&amp;#47;o
> R. Fenton, M.D.".  And the resulting string we parsed would be
> "c&#47;o R. Fenton, M.D.".
>
> When we reported this problem to the ecommerse hosting company, their
> response was that these character entities were "encoded" per PCI
> security policy and thus they have no plan to "fix" them.
>
> Their reply sounds strange because these weird character entities they
> use in XML files are NOT data encryption nor do they provide security
> benefits.
>
> Can anyone tell me if there is in fact some kind of special character
> entities used in XML file per PCI security compliancy?
>
> Or is our ecommerce hosting company wrong?
>
> Any information would be appreciated.
> Thank you.
Well we have similar files and I've never seen that happen. As you say they 
seem to be escaping twice. In my opinion they're wrong but I'd need to know 
their process etc.
Pragmatically you may need to un-escape once before treating the file as 
XML.

-- 

Joe Fawcett (MVP - XML)
http://joe.fawcett.name 

0
8/8/2008 6:55:19 AM

<tempest@ucla.edu> wrote in message 
news:55sm94p8ig2vpodjolu2cq5d961fu8c4q1@4ax.com...
> Hi all.
>
> This is a rather long posting but I have some questions concerning the
> usage of character entities in XML documents and PCI security
> compliance.
>
> The company I work for is using a third party ecommerce service for
> hosting its online store.  A few months ago this third party commerce
> site began using PGP file encryption on XML files (e.g. web orders)
> transferred to us as part of the ongoing PCI security compliance.
> Basically we only need to add a PGP decryption process before we can
> parse the incoming XML files so there should not have been any
> technical issue.
>
> However, we noticed that XML files they created since PGP encryption
> was implemented contain some unusual character entities.
>
> For example, if a XML file have elements containing characters such as
> <, >, &, -, /, ' and so on, the XML file will use the following
> character entities to represent them as shown below:
>
> Character  Unusal Character Entities
> <          &amp;lt;
>>          &amp;gt;
> &          &amp;amp;
> -          &amp;#45;
> /          &amp;#47;
> '          &amp#39;
>
> No matter how you look at them, they are NOT the proper character
> entities for the original characters shown.
>
> The problem with these bad character entities is that when we use .Net
> Framework components such as XmlReader to load the XML file, character
> entities are not expanded back to the original characters they
> represent.
>
> Instead I would get the following result:
>
> Unusal Character Entities Expanded Result:
> &amp;lt;                        &lt;
> &amp;gt;                        &gt;
> &amp;#38;                       &#38;
> &amp;#45;                       &#45;
> &amp;#47;                       &#47;
> &amp;#39;                       &#39;
>
> If you take a close look at the expanded results, you would see that
> they are the normal character entities you would expect to see.
>
> It seems to me that XML export process used by the ecommerce site has
> applied character entities "encoding" twice.
>
> For example, the proper character entity for / is &#47;.
> However, if you treat &#47; as data string and not as character entity
> and apply another "encoding", you would get &amp;#47;.
>
> This means that whenever a online customer enter characters such as &
> or / in their name or shipping address, the XML file we parsed will
> not give us the correct text.
>
> For example, if customer entered "Christian & Cruz" on their shipping
> address the XML file we downloaded will show them as "Christian
> &amp;#38; Cruz".  And when the XML file is parsed the resulting string
> we get would be "Christian &#38; Cruz".
>
> Another example.  If a customer entered "c/o R. Fenton, M.D." in their
> shipping address, the XML file will show this string as "c&amp;#47;o
> R. Fenton, M.D.".  And the resulting string we parsed would be
> "c&#47;o R. Fenton, M.D.".
>
> When we reported this problem to the ecommerse hosting company, their
> response was that these character entities were "encoded" per PCI
> security policy and thus they have no plan to "fix" them.
>
> Their reply sounds strange because these weird character entities they
> use in XML files are NOT data encryption nor do they provide security
> benefits.
>
> Can anyone tell me if there is in fact some kind of special character
> entities used in XML file per PCI security compliancy?
>
> Or is our ecommerce hosting company wrong?
>
> Any information would be appreciated.
> Thank you.
Well we have similar files and I've never seen that happen. As you say they 
seem to be escaping twice. In my opinion they're wrong but I'd need to know 
their process etc.
Pragmatically you may need to un-escape once before treating the file as 
XML.

-- 

Joe Fawcett (MVP - XML)
http://joe.fawcett.name 

0
joefawcett (14)
8/8/2008 6:55:55 AM
On Fri, 8 Aug 2008 07:55:19 +0100, "Joe Fawcett"
<joefawcett@newsgroup.nospam> wrote:

>Well we have similar files and I've never seen that happen. As you say they 
>seem to be escaping twice. In my opinion they're wrong but I'd need to know 
>their process etc.
>Pragmatically you may need to un-escape once before treating the file as 
>XML.

I think I will just do what you suggested and write an extra process
to convert ("un-escape") bad character entities to proper entities
first before passing parsing XML files.

At least I am glad that someone agrees with me that the third party
ecommerce site is not exporting proper character entnites in their XML
file.  They refused to fix the problem and used PCI security policy as
their excuse.

I spent several hours on Google tyring to find if there is any
relevancy at all between the use of XML character entities and PCI
security.  And I found none.
0
tempest (7)
8/8/2008 10:45:26 PM
Joe Fawcett wrote:
[snip]
> Well we have similar files and I've never seen that happen. As you say 
> they seem to be escaping twice. In my opinion they're wrong but I'd need 
> to know their process etc.

I would suspect they are not used to dealing with XML, and have been 
told by some less-than-well-informed person that "you always have to do 
this with those funny characters in web pages". But as Joe says, without 
knowing their process it's hard to be sure.

What *is* sure is that they are wrong to do this. The file when 
decrypted should be the file that was encrypted. They have corrupted it, 
and they must stop doing that.

> Pragmatically you may need to un-escape once before treating the file as 
> XML.

That may not be possible if parts of the document already use numeric 
character references or the &amp;amp; escapement for other reasons (eg 
in CDATA sections). But with luck you may just be able to reconvert it 
until your hosting bods fix the bug.

///Peter

0
Peter
8/8/2008 10:49:24 PM
tempest@ucla.edu wrote:
> At least I am glad that someone agrees with me that the third party
> ecommerce site is not exporting proper character entnites in their XML
> file.  They refused to fix the problem and used PCI security policy as
> their excuse.

Then they are guilty of adding insolence to their ignorance.
I'd get out of using them as quickly as possible.
Can you please let us know who they are so that we can avoid them?

> I spent several hours on Google tyring to find if there is any
> relevancy at all between the use of XML character entities and PCI
> security.  And I found none.

There is none.

///Peter


0
Peter
8/9/2008 3:51:49 PM
On Sat, 09 Aug 2008 16:51:49 +0100, Peter Flynn
<peter.nosp@m.silmaril.ie> wrote:

>Can you please let us know who they are so that we can avoid them?

If you want to know, the ecommerce service provider is MarketLive.
According to our management, they are one of the better ecommerce
providers out there and the reason our company use them.

Since I have not been able to find similar problems on Google, I have
a feeling it's just bad luck that MarketLive is exporting improper XML
files to us (and probably only us) perhaps because of mistakes by
their programmers.  And their technical support manager who is in
charge of handling our technical support issues insists that those
character entities are part of their PCI security policy.
0
tempest (7)
8/11/2008 8:29:43 PM
On Fri, 08 Aug 2008 23:49:24 +0100, Peter Flynn
<peter.nosp@m.silmaril.ie> wrote:

>I would suspect they are not used to dealing with XML, and have been 
>told by some less-than-well-informed person that "you always have to do 
>this with those funny characters in web pages". But as Joe says, without 
>knowing their process it's hard to be sure.

The ecommerce provider is actually very knowledgeable as far as XML is
concerned.  When comapred to other provider we have delt with in the
past, they use a very large and complicated set of XML schemas which
appear to be well thought.  

>What *is* sure is that they are wrong to do this. The file when 
>decrypted should be the file that was encrypted. They have corrupted it, 
>and they must stop doing that.

I agree but I am powerless to convince them that they are wrong.
0
tempest (7)
8/11/2008 8:42:10 PM
Reply:

Similar Artilces:

Ms CRM 30
Dear all. I need your precious help in configuring security roles. We the following organization: 2 business units, called A and B. A has 2 child business units, called A1 and A2. We would like that: - contacts under A1 or A2 must be visible (read-only) by all users under A1 or A2 but editable only by users in owner business unit (i.e. contacts in A1 are read-only for A2 and read-write for A1, contacts in A2 are read-only for A1 and read-write for A2) - but contacts in B must be visible and editable only by users in B. I tried several configurations of users and roles but I can’t find the ...

Backup question
I've moved to a new pc and for some reason I thought that when you backed up, a new file was created. Am I right? At the moment, it's just backing up to the backup file. So I've just just my working file and my backup file. Please could you clarify this? Thanks again. In microsoft.public.money, abc wrote: >I've moved to a new pc and for some reason I thought that when you >backed up, a new file was created. Am I right? At the moment, it's >just backing up to the backup file. So I've just just my working file >and my backup file. P...

Question about Xml Schemas "qualified" and "unqualified"
In the textbook, there is a sentence that "Default XML namespaces(xmlns="...") helps a lot, but can also create problems, as a side effect of the rules for automatic qualification. How to understand "automatic qualification" here? Could you please give me an example? Secondly, unless otherwise specified, a schema prescribes that loal elements and attributes must be "unqualified". What does "unqualified" mean? Could you please giv eme an example? Finnaly, could you please tell me what's purpose of using these two things? Thanks a lot! ...

security error?
Please help! I have Active Dir, Exchange and SQL 2000 on the same Win 2000 server machine. Installed CRM OK. Made security service dependent as outlined in deployment guide. Created an account in CRM and can browse around, but cannot save anything. The error I am getting is: Server Error in '/' Application. ----------------------------------------------------------- --------------------- A potentially dangerous Request.Form value was detected from the client (crmFormSubmitXml="<activity><activityt..."). Description: Request Validation has detected a potentia...

a question and a question
What is the correct name of the type of selection box used in "customizing Word", for example.... you select a word or operation from a list on the left pane and move it over to the right pane. Is there a template to build one of these? thanx You will have to explain more in detail what you are trying to do. -- Stefan Blom Microsoft Word MVP "cliffordjf" <cliffordjf@discussions.microsoft.com> wrote in message news:9856CCA7-8A8E-440C-A0D4-76EE4FA644E2@microsoft.com... > What is the correct name of the type of selection box used in "c...

IF AND question
Hi there, I need a function that can provide one of three answers: 1 2 1 1... 3 3 4 4... ? ? ? ?... If A1 = 1 and A2=3, answer 106; but if A1=1 and A2 = 4, answer 104; but if A1=2, regardless of A2, answer 95. The next function for column B is the same, except the answer is dependent on the value delivered from the column A function. E.g. A3 + 6 or A3 +4 or A3-5 etc. Any help would be most appreciated. -- ***** Many thanks Gamq Use the below formula for your first query. =IF(A1="","",IF(A1=2,95,IF(AND(A1=1,A2=3),106,IF(AND(A1=1,A2=4),104)))) ...

IE8 privacy question
I am running XP-Pro SP3 and considering upgrading from IE7 to IE8. I have read all the feature and benefit articles from MS, but have one question that remains unanswered. In IE8 there is mention of being able to restore previously viewed websites or something to that effect. I think this is on a drop down menu somewhere. 1) Does In-private viewing prevent this? 2) Does manually deleting your complete browsing history clear this? 3) Is there a registry entry that can prevent this action? 4) Is there a group policy change that can prevent this action? In essence for privacy pur...

Question about Paste Special
Hi, I have a problem sometimes with the paste special options when goin from one excel workbook to another. For example, sometimes when I cop data from one workbook and then paste special into another, I get th options that include: All, formulas, values, formats, has the option t transpose the data and paste link among other options. And the sometimes I try and paste data to another workbook and I end up th paste special options: Bitmap Image Object, picture, bitmap, and I als lose the ability to paste link. Well you can do it, but it puts it i as an object. What I want is the first past...

Money 2004: including social security income in lifetime planner
I've been using Money since 1999 and I decided that I wanted to update my lifetime planner to include some estimate of my Social Security benefits. Unless I'm misunderstanding something, it looks like there is an error in the formula for including social security benefits in the lifetime planner. For example, if I let Money estimate my benefits at, say, age 67, it'll say $24k per year, but when I go into the yearly snapshot for when I'll be 68 (just to be safe that I'm not looking at a partial year), it'll tell me my income from SS is only $12k. If I check ...

Microsoft Query question
I am trying to use Microsoft Query to get data from my SQL 2000 databases. The problem is that I have a few columns with names that conflict with keywords (like Identity). (Yes. I kow that keywords should be avoided but it is done and cannot be changed.) This is causing a keyword syntax error within the Query application. Oddly enough, even if I do not select the column the error still appears. And when you look at all the columns available, the keyword named column shows up in boldface. When I am doing queries in other programs I put square ("[ ]") brackets around column and table...

Adjust size of CEdit to x characters ??
Sorry for asking this probably stupid question I have a CEdit field in a dialog and the user should insert 32 characters in it - how do I from e.g. InitDialog set the size such that the field can hold only the 32 characters (with respect to the font)? Best regards Bo Rasmussen Hi again I've tried the following as seen in a previous posting CString csText; // The text will look exactly like this as it is for entering some cryptographic keys csText = "**** **** **** **** **** **** **** *****"; CFont *pFont = m_Edit.GetFont(); CFont *pFontDC = GetDC()->SelectObject(...

Recipient can't see special characters (apostrophe, double quote, hyphen, etc.)
When I write to some people, they don't see the characters. For examples: my single quote gets replaced with "=E2=80=99", my double quotes get replaced with "=E2=80=9C", my hyphen gets replaced with "=E2=80"" and my "..." gets replaced with "=E2=80=A6" Everything looks ok (as I sent it in my sent box). But when the person replies with history I can see that the text got converted in the interim. (And they tell me they see the funny characters, too. I've tried to send the message as Plain text, but the same thing happens. I us...

Question
Why did the chicken cross the road? -- Dr. Stephen Hopkins, MD "Dr. Stephen Hopkins, MD" <DrStephenHopkinsMD@discussions.microsoft.com> wrote in message news:B8434E21-DDA3-44D7-B39B-CD5A8C33A7BD@microsoft.com... > Why did the chicken cross the road? > -- > Dr. Stephen Hopkins, MD To collect her email, why else? Dr? You should be ashamed to put such a title on an idiotic off topic post !! -- Regards Steve. MS-MVP. MAIL. [DTS] UK. http://www.getsafeonline.org/ mac;1266180 Wrote: > "Dr. Stephen Hopkins, MD" <DrSte...

OWA Question #16
Hello All: Quick Question regarding OWA. We are about to finalize migration from 5.5 to 2003. We have an existing web presence already in DNS a www.mydomain.com. and running on existing web servers. With 5.5 natrually, to access OWA, it was www.mydomain.com/exchange. This will not be possible now since OWA runs off of the Exchange server instead of relying on our web server under 5.5. What's the easiest way to overcome this. Thanks If you can afford the extra license, you'll probably want to run a front-end server so no one is connecting directly to the Exchange database s...

VBA//Oracle Interfacing Question
All, I have been able to correct to my database but I have one question question: Within objSession I want to list all available tables and all available views. How exactly is this done? thank you. Set objSession = CreateObject("OracleInProcServer.XOraSession") Set objDatabase = objSession.OpenDatabase("", "User/Pass", 0) On Nov 16, 12:05=A0pm, jason <jason.mell...@gmail.com> wrote: > All, > > I have been able to correct to my database but I have one question > question: > > Within objSession I want to list all avail...

Text Box Question
Greetings, I have been using Visio for years, however, something has happened and I can't figure out how to undo it. Basically up until today when I added a text box and entered text, the text went horizontal as it was typed. Today when I add a text box and enter text, the text goes vertical. How do I get back to the old behavior? TIA using text container shape adjusting tool (text block tool), make the text container shape wider horizontally. Have you used Asian text font recently?...check help for "vertical text" "Ray Batig" wrote: > Greetings, > &g...

401K questions
I just started a 401K at work and I'm wondering how to deal with it in Money. I've got my paycheck split into different categories currently and now I have to put the 401K amount into a category as well. I didn't see one specifically for this. What do other people use? Should I start using the 401K Manager? I haven't gone through it yet I'm just wondering if it works well and how much benefit I'll get from it. Thanks in advance! Mike You will want to create an investment account for the 401(k) and TRANSFER your contributions from your checking account to the...

ROWCOUNT question
Hi All, The below is a UDF that returns the ROWCOUNT for a table. I need to know that value for WHILE loop. How do I take the Returned value from the UDF and load it intio a variable in the SP where it was called from? Or maybe there is another way. ALTER FUNCTION [dbo].[RecCount] ( @TableName CHAR(15) ) RETURNS TABLE AS RETURN ( SELECT Rows FROM sysindexes WHERE id = OBJECT_ID(@TableName) AND indid < 2 ) Thanks, Eric Eric S (xxx_noSpam@Hotmail.com) writes: > The below is a UDF that returns the ROWCOUNT for a table. I need to know > that va...

How to keep display format when exporting XML?
First thank you for taking the time to read about my problem. My problem is this. When exporting my xml data, the time/date values loose their display format. A time of 01:30 am, for example, becomes something like 0.001353 when exported.. What do I need to do to keep the same format as is displayed in Excel? It would sure be great if you could help. Kind regards ...

If / Then Question
How would I do this: IF A1="N" then I need A2 and A3 to="N/A -- pkniven ----------------------------------------------------------------------- pknivens's Profile: http://www.excelforum.com/member.php?action=getinfo&userid=2767 View this thread: http://www.excelforum.com/showthread.php?threadid=47531 pknivens Wrote: > How would I do this: > > IF A1="N" then I need A2 and A3 to="N/A" Hi pknivens In A2 and A3 use this formula > =IF(A1="N","N/A",""), this will return blank if A1 is not N, if you want it...

Exmerge Question #7
When I run Exmerge on a mailbox on my 2003 server to export to a PST, it will delete all emails after the copy. I thought EXmerge would "copy" not delete. is this the default? If so how can I just have it do a copy out to the PST and leave the mailbox alone. thanks Rick in "options", make sure "archive data to target store" is not selected on the "Import procedure" tab... -- Susan Conkey [MVP] "Rick" <drummer10980@gmail.com> wrote in message news:1165509540.777142.38260@16g2000cwy.googlegroups.com... > When I run Exmerge on ...

question about "delete"
I have a pointer: MyWindowClass *p = NULL; p = new MyClass(...); .... delete p; After delete p, does p equal NULL(it is in C++ standard?)? How to decide if p has been deleted? The reason I asked this question is that in my project, there are many code/files use the pointer which I need to determine is it is deleted? Can I use: if(p != NULL) delete p; I guess somewhere p has been deleted, but p still not NULL(possible?), the above code might cause problem. Hi Kathy, I typically just set p to NULL when I delete it: delete p; p = NULL; Then you can check it in other places and ...

Item Description ( 30 Characters)
Item Description for purchasing and other areas of HQ ans SO should be longer. And not 31 characters! ;-) -- Regards, Ivan Brebner Premium Retail Solutions ---------------- This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message pane. If you do not see the button, follow this link to open the suggestion in the Microsoft Web-based Newsreader and then click "I Agree" in the message pane. http://www.microsoft.com/Businesssolutions/Community/NewsGroups...

More combining companies questions
We too have acquired another company and need to look at all of our options concerning what to do with email. We run Exchange 2003, they run Exchange 2000. What is the best way to combine the two so we can share GAL, free-busy info, etc.? No decisions have been made as far as what we are going to do with their AD. We could of course change their MX record to point to our server, update our RUS, etc., but what if we want to keep an Exchange server at their site? What has to be done to join their server to our Exchange org? If you want sync both GAL,pls check this http://www.microso...

switchboard question 12-26-07
Is there a way to put the names of different switchboard pages on the switchboard form? If you put one name on a switchboard page (in form design view), the same name appears on all the switchboard pages. I understand why this happens, but what if I want the user to be able to know which switchboard s/he is on? Thanks. PS the same thing happens if I go into form design view and put in control tip text. It puts the same text for the same-numbered menu item on two different switchboard pages. "Debbie S." wrote: > Is there a way to put the names of different switchboard ...