Hi folks, someone has already gone through this, when they had to post a standalone URL. I noticed that we need to pass user and password in the URL so that it is not requested the same, but, it goes decrypted.
Currently, there is no way to pass an encrypted password or hide the password (that I am aware of); but I know that some customers have worked around this by creating a "read-only" user in the system, with limited ACL permissions (such as removing the 'Change Password' ACL), and then using that user in the URLs that are published for outside consumption.
I believe that this solution is very weak. Any other product has the ability to encrypt passwords. From what I realized this speech is adopted internally in the CA. Anyway, we will look for other means of not passing user and password in the URL.
Please open an Idea, to see if we can try to do an enhancement request.
We already have an open idea (https://communities.ca.com/ideas/235736320-url-with-user-and-pass-decrypted) if you can vote and publicize, it will help us a lot.
Thanks