Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 208 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 76 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Security concern due to visible password while calling "PublicReportService"

Organization Name
King County
Description
OIC interface is calling the OTBI public report service SOAP wsdl "https://serverURL.oraclecloud.com/xmlpserver/services/PublicReportService?wsdl"
OTBI is requiring the password as cleartext in the request payload and there is not going to be a secure solution for this use case. The username/password should not be part of payload rather it should be part of header (Basic Authentication)
Regards
Priya
Use Case and Business Need
This is a major security concern as prod password is visible and can be misused.
Original Idea Number: 185b66b90f