Question

How secure is the password used in a Call Rest Microflow Activity?

0

Hi there, I've been trying to figure out how secure passwords are when used in a Call Rest activity with the native REST services. I was wondering whether they get automatically encrypted and such when being send to call an API, since it doesn't exactly look secure in the Call Rest activity: I'd hope so, but I'd rather ask a stupid question than assume it :)

asked 2018-08-08

Desiree de Ridder

2 answers

0

You would normally specify a constant value for the password. Its default value would be the password of you dev/test server, with a value that all of the developers are allowed to know.

The production password is stored in the constant value in the cloud portal.

answered 2018-08-09

Joost Verhoog

Dorus van der Kroft · Accepted Answer · 2018-08-08

It depends on whether you are using a REST endpoint over HTTP or HTTPS. In the lather, the transport layer is secured. Hence, the username and password will be sent encrypted. However, anyone having access to the model will have access to these credentials. There are more secure ways for handling REST calls. Please have a look at https://www.owasp.org/index.php/REST_Security_Cheat_Sheet#HTTPS