Altru Ideas

"Read-Only" access or user account for use with API connection

We are attempting to utilize an OData feed from Query on one of our website pages. This has brought up some questions in regard to PCI compliance, given the fact that an account must be specified to log in to the API. PCI compliance states that every individual should have their own user name and password for a given system. In this case, we will obviously be creating a separate account for OData feeds, as we would not be in compliance if we were passing around our own credentials.

It is great that the credentials must be base64-encoded to pass to the API, but this account will now be sitting on a public server where, if it did actually get hacked, that account would have many system roles associated with it, and a lot of damage could be done by logging into Altru. Given the fact that we need many system roles to access various tables and fields in Query, those would have to be assigned to this OData user account.

Is there any way to obtain a "read-only" connection or system role to utilize within public webpages for OData and/or API feeds?

  • Guest
  • Jul 6 2016
  • Reviewed
  • Customer references: The Strong