Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi
I have noticed that using the Repository Service api you can retrieve all data connections passwords in clear text.
That seems like a bad solution. Is there any plans to change this?
I doubt it. It's the kind of thing the Repository API is created for. The communication with the Repository API is encrypted with the QS certifcate. So it's not exactly plain text for everybody. You need access to the QS certificates. And if you have that you basically 'own' that QS installation. Which is why you shouldn't leave those certificates lying around where anyone can get their hands on them.
Hi Gysbert!
Thanks for your reply.
I did not say anyone could do it.
You can if you know how to setup the api calls it, it's not hard.
I am questioning if there are any usecases that validates this behaviour.