Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
MichaelScar
Regular Visitor

The password won't be encrypted when sent.

Hi All!

 

When I'm creating a new web api dataflow I get this warning and I can't seem to find any documentation regarding to this.. Does it mean that the password is not encrypted inside the BI service and thus might be compromised if BI service has a breach? The password is encrypted between data source and the service since the data source has https enabled..

 

1 ACCEPTED SOLUTION
v-lid-msft
Community Support
Community Support

Hi @MichaelScar ,

 

Based on my understand, when use the basic authentication, the username and password will be included in the HTTP Header, but if you use the https, The whole http request ,include header, should be encrypted when sent(But should pay attention to the Mitm). I think the warn mean the password in the header will not be additional encryped, such as be hashed or be encryped by other passowrd.  You can call the api in Power BI Desktop and trace the request sent to verify before use in the dataflow, Or you can try the OAuth authentication or token based authentication if the source supported.

 

For a detailed explanation of Power BI security, please refer to the the Power BI Security whitepaper.


Best regards,

 

Community Support Team _ Dong Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

1 REPLY 1
v-lid-msft
Community Support
Community Support

Hi @MichaelScar ,

 

Based on my understand, when use the basic authentication, the username and password will be included in the HTTP Header, but if you use the https, The whole http request ,include header, should be encrypted when sent(But should pay attention to the Mitm). I think the warn mean the password in the header will not be additional encryped, such as be hashed or be encryped by other passowrd.  You can call the api in Power BI Desktop and trace the request sent to verify before use in the dataflow, Or you can try the OAuth authentication or token based authentication if the source supported.

 

For a detailed explanation of Power BI security, please refer to the the Power BI Security whitepaper.


Best regards,

 

Community Support Team _ Dong Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors
Top Kudoed Authors