I am developing bots that has to login into multiple platforms. When bot retrieves passwords from Orchestrator’s asset and put them into password box. There is a chance that bot could type password into, let’s say, notepad and expose the password.
My point is the plausibility that someone (developers from other team) could intentional or unintentional expose passwords of service accounts that he/she shouldn’t know; and later uses for any purpose. Tasks to enter username and password are pretty common as everyone knows.
Is there any measure to prevent this from happening ? My organization is very limited on finding someone to review everyone’s workflows. Potentially, the number of UiPath developer is growing, and my team has to take care of common security issues and suggest best practices for other team developers. Surely, questions asking for this problem will arise, so I want to address it before hand.