Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Credential Password and text concatenation - security issue

LorenzoTacconi
Level 3
‎23-10-20 04:24 PM
Status: New

I noticed that in process/object studio it is possible to concatenate a password obtained with the action "Get Credential" and a text variable. The result is a text variable from which every developer can get the password in clear text. This is a security issue in my opinion that could be solver if the concatenation of a password and a text was of "password" type instead of "text" type.

See more ideas labeled with:
1 Comment
AndreyKudinov
Level 10
‎28-10-20 12:27 PM
‎28-10-20 12:27 PM
It is impossible to "fix". If process needs to have access to a credentials, then developer doesn't even need to concatenate anything really. You can just read credential to a data item with type "text" OR you can write it to a notepad or any other open field in any application (login instead of password) - lots of options basically.
If your dev should not know the password - just don't give him access to that process/credential on prod.
0 Likes