Skip to main content
Question

FME Server security with password encryption and decryption

  • November 23, 2017
  • 4 replies
  • 140 views
A

Good afternoon everyone,

I have one question regarding FME Server security. I am using FME Server 2014 with an Oracle database.

Normally when we create a user in FME Server, the user is create in table FME_USERACCOUNT with an encrypted password.

Now I have an issue that one of my web services have to access FME Job so my web services need username / password for basic authentication.

Now I have two options either I store password in some local storage with my web service or my web service access Oracle schema fmeserver and get password for user. If i can have decrypted password, the management will be very simple for me.

Can anyone guide me, may be I am missing some basic point over here.

I don't have AD in my infrastructure.

Can you please guide me ?

Regards

4 replies

david_r
Celebrity
  • david_rCelebrity
  • November 23, 2017

Rather than using basic auth, you should look into using a security token for your API access.

Here are a couple of starting points:

https://docs.safe.com/fme/html/FME_Server_Documentation/Content/ReferenceManual/service_token.htm

https://playground.fmeserver.com/getting-started/authentication/

A
david_r wrote:

Rather than using basic auth, you should look into using a security token for your API access.

Here are a couple of starting points:

https://docs.safe.com/fme/html/FME_Server_Documentation/Content/ReferenceManual/service_token.htm

https://playground.fmeserver.com/getting-started/authentication/

Thanks David, but even for that I need a password. I look at the documentation and to generate a token as well I need to have password for user.

 

david_r
Celebrity
  • david_rCelebrity
  • November 23, 2017

It all depends on the security level that's necessary for your environment.

One solution could be to manually generate a security token with an "indefinite" validity and store the token in your database. The security token should be generated for an "API-only" user with extremely limited rights.

Some arguments for this solution:

  • More convenient, as you can easily expire or regenerate tokens without affecting the API user's account password.
  • A secure password (as in Basic Auth) is basically identical to a secure token. Using the token you don't need to store the username in your database, one less thing to worry about
J
Forum|alt.badge.img+2
ayyaz_paracha wrote:
Thanks David, but even for that I need a password. I look at the documentation and to generate a token as well I need to have password for user.

 

Hi @ayyaz_paracha,

 

Do you know the password for this user?

 

Once you've generated the token you wouldn't need the password.

 

Another thing you could look at is using the Guest User

 

Reply


Helpful Members This Week

Community Stats

31,341
Posts
118,861
Replies
38,931
Members

Latest FME

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.