Spotfire Ideas Portal
Status Future Consideration
Product Spotfire
Categories API
Created by Guest
Created on Mar 31, 2020

Secure management of database credentials for web player users

We need an API which returns the username and password of the user currently logged in to the web player. There is an API which returns the username only, but we need to get the password as well.

The use case is as follows:

A user creates a template in the Spotfire client which requires a connection to a data source (Oracle or Informix database) to retrieve data for analysis.

The template is stored in the library and accessed by many users. Currently we embed the username/password of the database connection inside the template because in web player we cannot prompt the user to enter his DB credentials. So, now all the users are able to connect to the DB using the DB credentials stored in the template which is NOT good.

We need an API which returns the username and password of the currently logged-in user in order to use them as the DB connection credentials. This way, each user of the template will be using his own DB credentials...

If not clear, please let me know.

Thanks.

  • ADMIN RESPONSE
    Jan 13, 2021

    For security reasons, it's unlikely that we will have such an API, but since there are potentially other ways to solve your problem I took the freedom to rephrase the Idea title.

    A couple of existing options that you might want to evaluate:

    • Information Services (with one service account - and personalized information links)

    • Kerberos (either with Information Services or Connectors)

  • Guest
    Mar 31, 2020

    Hi Julie,

    We are using OleDBConnection class. I think it accepts an encrypted password with md5(). So, if the requested API returns an encrypted password, I guess that will work and overcome the security risk you mentioned.

  • Guest
    Mar 31, 2020

    This seems like a security risk.