Maintaining the Domain › Manage Certificates › How CA Process Automation Protects Passwords

How CA Process Automation Protects Passwords

User account credentials, user name and password, are used to gain access to various systems and features. The password value must be protected for security reasons. Although passwords are strings, they are treated differently than other values of this data type. CA Process Automation protects passwords at the UI level in the following ways:

• Users cannot pass Passwords from place to place.
• Users cannot write a CA Process Automation process that says process.v = process.Password, because v is visible.
• Manipulations such as appending a password with the letter "t" and then later moving the "t" are disabled using JavaScript.
• Users cannot concatenate passwords with a + operator. No action that would reveal the Password value is permitted.
• Users cannot enable detection of password contents. For example, they cannot make what is hidden viewable.

In summary, CA Process Automation helps ensure password privacy as long as the password is within CA Process Automation. Passwords that are part of operator category configurations are protected. They cannot be modified or referenced or passed to external methods.

When a password that is not part of an operator category configuration is passed to an external method, it can be returned in clear text. Take precautions to protect passwords that are passed to external programs. The best solution is to use certificates or an alternative.

You can export the contents of definitions stored in a database and then import them to a database within the same domain or in a different domain. Importing datasets into another domain nulls out passwords since passwords are encrypted. This is by design; different domains use different encryption keys.