Replies: 1 comment 1 reply
-
|
This is a very clever idea. Have you considered HTTPS to solve this? |
Beta Was this translation helpful? Give feedback.
-
|
Pretty much everything is HTTPS these days but it solves the problem only partially. Having talked to the security experts in my organization, it sound like the client's browser is the main issue. If a sensitive parameter is in the URL, it ends up in the browser history. HTTPS doesn't prevent this. Depending on where your TLS is terminated it may also be logged elsewhere, such as a gateway. Obviously, moving request parameters to the HTTP body isn't fool-proof as the body too can be logged. In any case, in my organization and its tight security policies, DAB is out. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
When working in a highly secure enviroment, having possibly sensitive data as a query parameter in a GET request is not allowed. (See CWE-598) I know using GraphQL eliminates this but not all client applications can easily switch to using GraphQL. It would be great if you could force DAB to use POST requests instead and use some format to pass the OData parameters in the request body.
Beta Was this translation helpful? Give feedback.
All reactions