cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fabric is Generally Available. Browse Fabric Presentations. Work towards your Fabric certification with the Cloud Skills Challenge.

Reply
MichaelScar
Regular Visitor

The password won't be encrypted when sent.

‎05-15-2020 05:53 AM

Hi All!

 

When I'm creating a new web api dataflow I get this warning and I can't seem to find any documentation regarding to this.. Does it mean that the password is not encrypted inside the BI service and thus might be compromised if BI service has a breach? The password is encrypted between data source and the service since the data source has https enabled..

 

Labels:
Message 1 of 2
1,945 Views
0
1 ACCEPTED SOLUTION
v-lid-msft
Community Support
Community Support

‎05-17-2020 06:52 PM

Hi @MichaelScar ,

 

Based on my understand, when use the basic authentication, the username and password will be included in the HTTP Header, but if you use the https, The whole http request ,include header, should be encrypted when sent(But should pay attention to the Mitm). I think the warn mean the password in the header will not be additional encryped, such as be hashed or be encryped by other passowrd.  You can call the api in Power BI Desktop and trace the request sent to verify before use in the dataflow, Or you can try the OAuth authentication or token based authentication if the source supported.

 

For a detailed explanation of Power BI security, please refer to the the Power BI Security whitepaper.


Best regards,

 

Community Support Team _ Dong Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 2 of 2
1,903 Views
0
1 REPLY 1
v-lid-msft
Community Support
Community Support

‎05-17-2020 06:52 PM

Hi @MichaelScar ,

 

Based on my understand, when use the basic authentication, the username and password will be included in the HTTP Header, but if you use the https, The whole http request ,include header, should be encrypted when sent(But should pay attention to the Mitm). I think the warn mean the password in the header will not be additional encryped, such as be hashed or be encryped by other passowrd.  You can call the api in Power BI Desktop and trace the request sent to verify before use in the dataflow, Or you can try the OAuth authentication or token based authentication if the source supported.

 

For a detailed explanation of Power BI security, please refer to the the Power BI Security whitepaper.


Best regards,

 

Community Support Team _ Dong Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 2 of 2
1,904 Views
0

Helpful resources

Announcements
PBI November 2023 Update Carousel

Power BI Monthly Update - November 2023

Check out the November 2023 Power BI update to learn about new features.

Community News

Fabric Community News unified experience

Read the latest Fabric Community announcements, including updates on Power BI, Synapse, Data Factory and Data Activator.

Power BI Fabric Summit Carousel

The largest Power BI and Fabric virtual conference

130+ sessions, 130+ speakers, Product managers, MVPs, and experts. All about Power BI and Fabric. Attend online or watch the recordings.

View All
Top Solution Authors
View All