From 347af4de75576325bccf66af55f8318b7b8e22b9 Mon Sep 17 00:00:00 2001
From: Dean DiRoma <dean.diroma@hitachivantara.com>
Date: Tue, 23 Jan 2024 09:21:32 -0500
Subject: [PATCH] [BACKLOG-39521] Security credentials exposed on clear text
 when using import-export utility

---
 .../plugin/services/importexport/CommandLineProcessor.java | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/extensions/src/main/java/org/pentaho/platform/plugin/services/importexport/CommandLineProcessor.java b/extensions/src/main/java/org/pentaho/platform/plugin/services/importexport/CommandLineProcessor.java
index 38f3397ef0e..ea83d7884f1 100644
--- a/extensions/src/main/java/org/pentaho/platform/plugin/services/importexport/CommandLineProcessor.java
+++ b/extensions/src/main/java/org/pentaho/platform/plugin/services/importexport/CommandLineProcessor.java
@@ -14,7 +14,7 @@
  * See the GNU Lesser General Public License for more details.
  *
  *
- * Copyright (c) 2002-2023 Hitachi Vantara. All rights reserved.
+ * Copyright (c) 2002-2024 Hitachi Vantara. All rights reserved.
  *
  */
 
@@ -790,10 +790,7 @@ private void performBackup() throws ParseException, KettleException, URISyntaxEx
    */
   private String buildURL( String contextURL, String apiPath ) throws ParseException, KettleException {
     StringBuilder sb = new StringBuilder();
-    sb.append( contextURL ).append( apiPath )
-      .append( "?userid=" ).append( getUsername() )
-      .append( "&password=" )
-      .append( Encr.encryptPassword( Encr.decryptPasswordOptionallyEncrypted( getPassword() ) ) );
+    sb.append( contextURL ).append( apiPath );
 
     return sb.toString();
   }