Storing passwords to call web services - Qlik Community

eparsons72 · ‎2020-02-10

I am a Security professional for a company where our developers are looking to implement a call to web service. The issue that we are having is we do not want the developer to know or have access to the password needed for this service. We would like to have it encrypted utilizing industry standards as well. Our development team is telling us that the standard implementation is to stored it either in a text file or within the database and the developer would have the ability to decrypt the password if needed.

Any suggestions on how to implement this in a way that our security department would be the only ones with the password is appreciated.

Sue_Macaluso · ‎2020-02-14

@eparsons72 This forum is to discuss the Qlik Community platform. The forums on this platform are to collaborate around Qlik products. Your question appears not to be about any Qlik products. If this is not the case please be specific on which Qlik product and what you are having a problem with. Thank you.

Sue Macaluso

eparsons72 · ‎2020-02-14

Sue, the development team is utilizing Qlik Sense to make the call to the web service that I referenced in my original post. The issue that I am having with what they are proposing is that they are stating to me that they must have the password to the service account which in our environment is not something that we allow. So we are trying to determine what path we can take to enter an encrypted password into the platform that the developer would not be able to access to ensure that the security measure meet our policy.