It's all about the answers!

Ask a question

RTC sends username and password in clear text. Is this expected behavior?

Praveen Krishnan (1122) | asked Apr 13 '15, 5:04 a.m.


We are programmatically retrieving data from RTC and displaying work item information on our internal portal. While debugging using FIDDLER we see that the username and password are being sent across as clear text.

We are running 5.0.2 in a distributed environment.

One answer

permanent link
Ralph Schoon (63.2k33646) | answered Apr 13 '15, 5:18 a.m.
edited Apr 13 '15, 5:19 a.m.
I would assume that it is sent within an encrypted HTTPS message.

If you set up Fiddler as ´"man in the middle" proxy with HTTPS certificates you obviously would be able see the unencrypted content.

My 2 cent

Praveen Krishnan commented Apr 13 '15, 6:42 a.m.

We  have disabled the security certificate settings on our WebSphere application server.

Do we need to setup self-signed certificates?

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.