Hi guys,
I wonder if anyone has yet tried to save SecureStrings in an automated way. I got the following within an action element:
configElement.setAttributeWithKey(attributeKey, attributeValue);
The input attributeValue in that case is of type SecureString and the workflow calling the action also submits a SecureString object. However, when I look into the saved ConfigurationElement, the value is saved as a String in clear-text, so any vRO admin is able to read the data just by browsing. I'm aware that "SecureString" is not as secure as the object name may sound - in fact SecureString objects in any language can easily be converted back into Strings of course - but still: there's a reason why that object exists (prevent "quickly getting sensitive data just by viewing").
So I really want that SecureString inside my ConfigurationElement, which is totally possible if manually creating a ConfigurationElement.
If checking the type of the submitted attributeValue inside the action element using:
System.log(typeof attributeValue)
It becomes clear that the attributeValue conversion from SecureString to String happens while the object is submitted to the action. Or so I thought.
Checking the type using typeof in a normal scripting element inside the workflow shows the same result. So I guess typeof is the issue here, which will always return "String" for a SecureString. Am I correct to suppose that typeof is used by setAttributeWithKey to detect the type to use when creating a ConfigurationElement attribute and that SecureString is only handled differently by the UI, but not the RHINO engine itself (thus, any meaning to the UI gets lost once we use it inside scripts and from that point it's handled as a regular String)?
Some clarification on that topic and - if available - a workaround would be nice.
regards
Robert