I drafted this in 2014 and given the recent QC news:
I was quite shocked to see that the Embarcadero QC client logs in over HTTP, not over HTTPS, especially since it passes the password in plain text.
QC does this logon call to http://qc.embarcadero.com/coBugCGI.exe/soap/ICDSReportPublicInterface:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
POST http://qc.embarcadero.com/coBugCGI.exe/soap/ICDSReportPublicInterface HTTP/1.1 | |
SOAPAction: "urn:CDSReportPublicInterfaceIntf-ICDSReportPublicInterface#Login" | |
Content-Type: text/xml; charset="utf-8" | |
User-Agent: Borland SOAP 1.1 | |
Host: qc.embarcadero.com | |
Content-Length: 665 | |
Proxy-Connection: Keep-Alive | |
Pragma: no-cache | |
<?xml version="1.0"?> | |
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><NS1:Login xmlns:NS1="urn:CDSReportPublicInterfaceIntf-ICDSReportPublicInterface"><EMail xsi:type="xsd:string">nobody@example.org</EMail><Passcode xsi:type="xsd:string">password</Passcode><ClientID xsi:type="xsd:string">QCWINCLNT</ClientID><BDN xsi:type="xsd:string">1</BDN></NS1:Login></SOAP-ENV:Body></SOAP-ENV:Envelope> |
Time to cut down on my usage of QC.
–jeroen
via: QC does this logon call to http://qc.embarcadero.com/coBugCGI.exe/soap/ICDSReportPublicInterface.