gandalfgray
Specialist II

Passwords of data connections exposed in clear text via Repository Service API

Hi

I have noticed that using the Repository Service API you can retrieve all data connection passwords in clear text.

That seems like a bad solution. Are there any plans to change this?

2 Replies
Gysbert_Wassenaar

I doubt it. It's the kind of thing the Repository API is created for. The communication with the Repository API is encrypted with the QS certificate. So it's not exactly plain text for everybody. You need access to the QS certificates. And if you have that you basically 'own' that QS installation. Which is why you shouldn't leave those certificates lying around where anyone can get their hands on them.


talk is cheap, supply exceeds demand
gandalfgray
Specialist II
Author

Hi Gysbert!

Thanks for your reply.

I did not say anyone could do it.

You can if you know how to set up the API calls; it's not hard.

I am questioning if there are any use cases that validate this behaviour.