...

This rule detects whether a service call or REST service has a username and/or password parameter defined. Having authorization parameters defined in the model may result in unexpected behavior. These fields are not encrypted and may therefore cause security risks. The username and password fields are recommended for test purposes only. The rule checks service calls of the following types:

  • AQ_RestServiceClient
  • AQ_SoapServiceClient
  • AQ_MailService

Possible improvements

Use encrypted values in the connection configuration in the application.properties file only. This makes it possible to make the authorization parameters dependent on the environment.
See: https://my.blueriq.com/display/DOC/Connections+

  • My Blueriq - Security Encrypting connection passwords
  • My Blueriq - Connections Properties

Example

For this Mail service call, the authorization parameters (smtp-user and smtp-password) have some example values.
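A sketch of the check this rule performs, added here as an illustration and not Blueriq's own implementation. The dictionary layout of the model, the service call names, the `username`/`password` parameter names for REST and SOAP calls, and treating a non-empty value as "defined" are all assumptions.

```python
# Added example: the model layout below is constructed, not a Blueriq export format.

# Service call types the rule checks (from the page).
CHECKED_TYPES = {"AQ_RestServiceClient", "AQ_SoapServiceClient", "AQ_MailService"}

# smtp-user / smtp-password come from the page's mail example;
# "username" / "password" for REST and SOAP calls are assumed names.
CREDENTIAL_PARAMS = {"username", "password", "smtp-user", "smtp-password"}


def find_credential_parameters(service_calls):
    """Return (call name, call type, parameter name) for each credential
    parameter that carries a value in the model.

    The value itself is deliberately left out of the finding, so the
    report does not copy the credential into yet another place.
    """
    findings = []
    for call in service_calls:
        if call.get("type") not in CHECKED_TYPES:
            continue
        for name, value in call.get("parameters", {}).items():
            # Assumption: "defined" means a non-empty value is present.
            if name.lower() in CREDENTIAL_PARAMS and str(value or "").strip():
                findings.append((call["name"], call["type"], name))
    return findings


# Constructed sample model; all names and values are made up for the example.
SAMPLE_MODEL = [
    {"name": "SendConfirmation", "type": "AQ_MailService",
     "parameters": {"smtp-user": "example-user", "smtp-password": "example-password"}},
    # Empty fields: credentials are expected to come from application.properties.
    {"name": "GetCustomer", "type": "AQ_RestServiceClient",
     "parameters": {"username": "", "password": None}},
    {"name": "LookupAddress", "type": "AQ_SoapServiceClient",
     "parameters": {"username": "svc-test"}},
    # A type the rule does not check (hypothetical name).
    {"name": "CustomCall", "type": "CustomService",
     "parameters": {"password": "ignored-by-this-rule"}},
]

if __name__ == "__main__":
    for call_name, call_type, param in find_credential_parameters(SAMPLE_MODEL):
        print(f"{call_name} ({call_type}): parameter '{param}' is set in the model")
```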

...