Categories
- All Categories
- Oracle Analytics Learning Hub
- 20 Oracle Analytics Sharing Center
- 17 Oracle Analytics Lounge
- 233 Oracle Analytics News
- 45 Oracle Analytics Videos
- 15.9K Oracle Analytics Forums
- 6.2K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 87 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture
Security concern due to visible password while calling "PublicReportService"
Priya Gupta-184819
Rank 1 - Community Starter
Organization Name
King County
Description
OIC interface is calling the OTBI public report service SOAP wsdl "https://serverURL.oraclecloud.com/xmlpserver/services/PublicReportService?wsdl"
OTBI is requiring the password as cleartext in the request payload and there is not going to be a secure solution for this use case. The username/password should not be part of payload rather it should be part of header (Basic Authentication)
Regards
Priya
Use Case and Business Need
This is a major security concern as prod password is visible and can be misused.
Original Idea Number: 185b66b90f
1