Using login-tokens webapi
Answered
Hi team,
Having a look at https://developers.yellowfinbi.com/dev/api-docs/yf-api.html#operation/createLoginTokenRPC to embed some dashboard in an external application, it seems that credentials for admin user as well as end user are sent without encryption.
This means that we have to store the admin / user password on application side which maybe a security issue for our customer.
Any hint to secure this ?
Thanks,
Kind regards,
Marc
The same question
Hi Marc,
I hope all is well,
I have informed our Security Team so that they can investigate this further. I hope this is ok and expect a reply very soon.
Regards,
Mark
Hi Marc,
I hope all is well,
I have informed our Security Team so that they can investigate this further. I hope this is ok and expect a reply very soon.
Regards,
Mark
Hi Marc,
Apologies for the delay with this, I will question this again with our team. I hope this is ok.
Regards,
Mark
Hi Marc,
Apologies for the delay with this, I will question this again with our team. I hope this is ok.
Regards,
Mark
Thanks Mark. In fact we are facing this question on a customer project, so I'm going to popen a private ticket.
Thanks Mark. In fact we are facing this question on a customer project, so I'm going to popen a private ticket.
Hi Marc,
Thank you for the update. I will mark this as Completed so that we can continue in the ticket created.
Regards,
Mark
Hi Marc,
Thank you for the update. I will mark this as Completed so that we can continue in the ticket created.
Regards,
Mark
Replies have been locked on this page!