
Safely using basic authentication for embedded process UI components

edited Feb 9, 2018 8:00AM in Process Automation 6 comments

Summary

Safely using basic authentication for embedded process UI components

Content

I have created an Embedded UI Component for use on an external server. The component simply displays a PCS web form that starts a particular process. I currently have it configured with basic authentication. I send an XHR request with basic authentication (base64-encoded username and password) to the process cloud instance with the deployed process/web form.

The component works; however, if I inspect the request with dev tools I obviously see the base64-encoded request. In other words, any user that inspects the request will be able to run an atob() method on the base64 encoding and get a cleartext username and password. This is obviously an issue even if I make the user an invocation user only for that process, because someone can log into the process cloud instance with those credentials.
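
As an added example (not part of the original post or of any Oracle code), here is a small Node.js audit script that flags Basic credentials shipped inside a client-side component like the one described above, whether pre-encoded in the header value or passed as a literal to `btoa()`. The sample script, host name and account are constructed for illustration, and the function names are hypothetical.

```javascript
// Added example: audit client-side JavaScript for embedded Basic credentials.
// The sample input, host name and account below are constructed.

// RFC 7617: credentials = base64(user-id ":" password). The user-id cannot
// contain ":", so split on the first colon only.
function decodeBasic(token) {
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(token) || token.length % 4 !== 0) return null;
  const text = Buffer.from(token, "base64").toString("utf8");
  const idx = text.indexOf(":");
  if (idx <= 0) return null;
  // Reject binary data that merely happens to be valid base64.
  if (/[\u0000-\u001f\ufffd]/.test(text)) return null;
  // Report the password length only, so the audit output is not itself a leak.
  return { user: text.slice(0, idx), passwordLength: text.length - idx - 1 };
}

function findEmbeddedBasicCredentials(source) {
  const findings = [];
  source.split("\n").forEach((line, i) => {
    // Pre-encoded header value: "Basic <base64>"
    for (const m of line.matchAll(/\bBasic\s+([A-Za-z0-9+/]{4,}={0,2})/g)) {
      const cred = decodeBasic(m[1]);
      if (cred) findings.push({ line: i + 1, kind: "encoded", ...cred });
    }
    // String literal passed to btoa(): btoa("user:password")
    for (const m of line.matchAll(/\bbtoa\(\s*(["'])([^"':]+):([^"']*)\1\s*\)/g)) {
      findings.push({ line: i + 1, kind: "btoa-literal", user: m[2], passwordLength: m[3].length });
    }
  });
  return findings;
}

// Constructed sample of an embedded component's script.
const sampleComponent = [
  'const xhr = new XMLHttpRequest();',
  'xhr.open("GET", "https://pcs.example.invalid/forms/start");',
  'xhr.setRequestHeader("Authorization", "Basic aW52b2tlcjpTM2NyZXQh");',
  'const alt = "Basic " + btoa("invoker:S3cret!");',
  'xhr.send();',
].join("\n");

console.log(findEmbeddedBasicCredentials(sampleComponent));
```

Any finding means the account is recoverable by every user who can load the component, regardless of how the header is encoded.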
