Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 17 Oracle Analytics Lounge
- 218 Oracle Analytics News
- 44 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 81 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture
Security concern due to visible password while calling "PublicReportService"
Priya Gupta-184819
Rank 1 - Community Starter
Organization Name
King County
Description
OIC interface is calling the OTBI public report service SOAP wsdl "https://serverURL.oraclecloud.com/xmlpserver/services/PublicReportService?wsdl"
OTBI is requiring the password as cleartext in the request payload and there is not going to be a secure solution for this use case. The username/password should not be part of payload rather it should be part of header (Basic Authentication)
Regards
Priya
Use Case and Business Need
This is a major security concern as prod password is visible and can be misused.
Original Idea Number: 185b66b90f
1