The beta test version of SageLive - the desktop accounting market leader's software as a service (SaaS) offering - has been taken out of service to patch a security vulnerability highlighted by online rival KashFlow. John Stokdyk reports.

One of the most eagerly awaited accounting software launches of 2009 was taken down less than a month after going public. The site currently tells visitors: Sage Live is closed for maintenance [1].

"Sage Live is beta," the holding page explains. "This means that we’re going to continue to develop our service to make sure we give you the best possible experience. This may mean that, from time to time, we have to make changes to the site in response to your valuable feedback, and where required, this may mean that we have to take the site down while we work on it."

The most pointed feedback has come from the direction of KashFlow founder Duane Jackson who has been hounding Sage's SaaS efforts since he spotted a pre-beta edition at an exhibition in London. While poking around the rival system in mid-January, Jackson spotted that both the userame and password were being sent back to the application over the net in clear text and raised a warning in his blog [2].

A week later, on 28 January, SageLive was taken offline.

Jackson argued that Sage may be a pre-eminent desktop application developer, but writing robust programs for the web is a totally different thing. Having pointed out the weaknesses in the embryonic program, he applauded Sage for "not just conceding that they cocked up, but showing they're not willing to jeopardise their clients' data".

Sage said it was working to do what was necessary to get a secure version up and running again as soon as possible.