Qlik Community

Qlik Sense Integration, Extensions, & APIs

Discussion board where members can learn more about Integration, Extensions and API’s for Qlik Sense.

gandalfgray
Valued Contributor II

Passwords of dataconnections exposed in clear text via Repository Service api

Hi

I have noticed that using the Repository Service api you can retrieve all data connections passwords in clear text. Man Surprised

That seems like a bad solution. Is there any plans to change this?

2 Replies
Highlighted
MVP & Luminary
MVP & Luminary

Re: Passwords of dataconnections exposed in clear text via Repository Service api

I doubt it. It's the kind of thing the Repository API is created for. The communication with the Repository API is encrypted with the QS certifcate. So it's not exactly plain text for everybody. You need access to the QS certificates. And if you have that you basically 'own' that QS installation. Which is why you shouldn't leave those certificates lying around where anyone can get their hands on them.


talk is cheap, supply exceeds demand
gandalfgray
Valued Contributor II

Re: Passwords of dataconnections exposed in clear text via Repository Service api

Hi Gysbert!

Thanks for your reply.

I did not say anyone could do it.

You can if you know how to setup the api calls it, it's not hard.

 

I am questioning if there are any usecases that validates this behaviour.