Can these passwords be extracted from the workbench files? I am concerned from a security standpoint.
Solved
How do database connection passwords get saved in workbenches?
Best answer by david_r
You should never save any important passwords in your workspace files if you're afraid they might get into the wrong hands.
For someone who is moderately proficient in FME it is quite easy to extract the database connection password into clear text if they have access to the fmw file.
As an added layer of security you could consider also password-protecting the workspace file. Although this is no guarantee, it will help a bit. More info here: https://knowledge.safe.com/articles/603/password-protection-for-fme-workspaces.html
In the more recent versions of FME there is the concept of a named database connection, which is defined independently from the fmw file, and for which the encryption is much stronger. Highly recommended: https://docs.safe.com/fme/html/FME_Desktop_Documentation/FME_Workbench/!NamedConnections/Using_Database_Connections.htm
This post is closed to further activity.
It may be an old question, an answered question, an implemented idea, or a notification-only post.
Please check post dates before relying on any information in a question or answer.
For follow-up or related questions, please post a new question or idea.
If there is a genuine update to be made, please contact us and request that the post is reopened.
It may be an old question, an answered question, an implemented idea, or a notification-only post.
Please check post dates before relying on any information in a question or answer.
For follow-up or related questions, please post a new question or idea.
If there is a genuine update to be made, please contact us and request that the post is reopened.
- Best Answer
You should never save any important passwords in your workspace files if you're afraid they might get into the wrong hands.
For someone who is moderately proficient in FME it is quite easy to extract the database connection password into clear text if they have access to the fmw file.
As an added layer of security you could consider also password-protecting the workspace file. Although this is no guarantee, it will help a bit. More info here: https://knowledge.safe.com/articles/603/password-protection-for-fme-workspaces.html
In the more recent versions of FME there is the concept of a named database connection, which is defined independently from the fmw file, and for which the encryption is much stronger. Highly recommended: https://docs.safe.com/fme/html/FME_Desktop_Documentation/FME_Workbench/!NamedConnections/Using_Database_Connections.htm
+23- Contributor
Since FME 2016 database connections can be saved as named connections.
Only the name of the connection (user defined alias) is stored in the FMW file.
You can reference the connection in multiple workspaces by name only.
The database credentials are stored in a binary external file (SQLite database).
+18- Supporter
And that file is usually saved under your user settings or you can specify the location via the FME options