Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Grow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.

Reply
MichaelScar
Regular Visitor

The password won't be encrypted when sent.

Hi All!

 

When I'm creating a new web api dataflow I get this warning and I can't seem to find any documentation regarding to this.. Does it mean that the password is not encrypted inside the BI service and thus might be compromised if BI service has a breach? The password is encrypted between data source and the service since the data source has https enabled..

 

1 ACCEPTED SOLUTION
v-lid-msft
Community Support
Community Support

Hi @MichaelScar ,

 

Based on my understand, when use the basic authentication, the username and password will be included in the HTTP Header, but if you use the https, The whole http request ,include header, should be encrypted when sent(But should pay attention to the Mitm). I think the warn mean the password in the header will not be additional encryped, such as be hashed or be encryped by other passowrd.  You can call the api in Power BI Desktop and trace the request sent to verify before use in the dataflow, Or you can try the OAuth authentication or token based authentication if the source supported.

 

For a detailed explanation of Power BI security, please refer to the the Power BI Security whitepaper.


Best regards,

 

Community Support Team _ Dong Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

1 REPLY 1
v-lid-msft
Community Support
Community Support

Hi @MichaelScar ,

 

Based on my understand, when use the basic authentication, the username and password will be included in the HTTP Header, but if you use the https, The whole http request ,include header, should be encrypted when sent(But should pay attention to the Mitm). I think the warn mean the password in the header will not be additional encryped, such as be hashed or be encryped by other passowrd.  You can call the api in Power BI Desktop and trace the request sent to verify before use in the dataflow, Or you can try the OAuth authentication or token based authentication if the source supported.

 

For a detailed explanation of Power BI security, please refer to the the Power BI Security whitepaper.


Best regards,

 

Community Support Team _ Dong Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

MayPowerBICarousel

Power BI Monthly Update - May 2024

Check out the May 2024 Power BI update to learn about new features.

Top Solution Authors
Top Kudoed Authors