Where do other developers keep environment variables? Security Risk?
I recently came across an intended feature in Agilepoint and I would like to know other developers strategies on this subject.
The scenario is if a user has access to an application, and has a form assigned to them. However they do not have read/write privilege's to the data entity the application uses. Then a rather lengthy error message is displayed to the user which includes in plain text global variable values, and plain text process variables. This is the scenario I created, but there may be others.
My problem is, we use global variables as way to keep usernames and passwords for Rest API's. You can see my issue here, end users should not ever see that data.
Our Agilepoint implementations have us using many different API calls, and putting credentials/header values directly into the lookup would be very time consuming in the future if we ever need to change a username, password or secure header value.
How do you other developers handle this? Do you just bite the bullet and keep the values directly in the look up?
-
正式评论
Hi Sam,
You can use a REST API Global access token and use the REST activity to use the Global access token. This way the credentials are not exposed in the Custom attributes XML. When you need to update the credentials, you can edit the Global access token and update it.
Thanks.
评论操作
请先登录再写评论。
评论
1 条评论