Explanation

This rule detects whether a service call or REST service has a username and password parameter defined. Having authorization parameters defined in the model may result in unexpected behavior. Using the username and password parameters is recommended for test purposes only. The rule checks service calls of type:

  • AQ_RestServiceClient
  • AQ_SoapServiceClient
  • AQ_MailService

Possible improvements

Configure the connection in the application.properties file only. This makes it possible to make the authorization parameters dependent on the environment.
See: https://my.blueriq.com/display/DOC/Connections+Properties

Example

For this Mail service call, the authorization parameters smtp-user and smtp-password have some example values.

This results in the following security hotspot:


