Skip to main content
Solved

ParameterFetcher Password

  • June 9, 2023
  • 7 replies
  • 179 views
egge
Contributor
Forum|alt.badge.img+14
  • eggeContributor
  • Contributor
  • 102 replies

Just a minute ago I did discover something I did not know yet: it is possible - to my surprise - that it is possible to retrieve a password stored in a User Parameter using a simple ParameterFetcher!

Passwords stored in User Parameters are encrypted (see e.g. this post), but the ParameterFetcher just returns the decrypted password in plain text... :-(

So everybody with access to a workspace with passwords and FME Workbench can just use this fetcher to retrieve all passwords.

OK - maybe I have been a little naive... :-) But this is surely something to take into consideration.

Best answer by nielsgerrits

Aye, this is why Database- and WebConnections exist.

This post is closed to further activity.
It may be an old question, an answered question, an implemented idea, or a notification-only post.
Please check post dates before relying on any information in a question or answer.
For follow-up or related questions, please post a new question or idea.
If there is a genuine update to be made, please contact us and request that the post is reopened.

7 replies

nielsgerrits
VIP
Forum|alt.badge.img+60
  • nielsgerritsVIP
  • 2938 replies
  • Best Answer
  • June 9, 2023

Aye, this is why Database- and WebConnections exist.

Buckle your seatbelt Dorothy, cause Kansas is going bye-bye...
redgeographics
Celebrity
Forum|alt.badge.img+59
  • redgeographicsCelebrity
  • Celebrity
  • 3700 replies
  • June 9, 2023

And why later versions of FME will always offer to password-protect a workspace that contains a password. Still, this is good to know!

FME rocks! \m/
david_r
Celebrity
  • david_rCelebrity
  • 8392 replies
  • June 9, 2023

Yeah, it's a fairly well known issue. Unless you're using web- and database connections, in my opinion there's not really any realistic way of protecting the passwords from someone that can modify or replace the workspace.

egge
Contributor
Forum|alt.badge.img+14
  • eggeContributor
  • Author
  • Contributor
  • 102 replies
  • June 9, 2023

Thanks for all your answers. Did implement a Web Connection to secure my credentials 🌻

nielsgerrits
VIP
Forum|alt.badge.img+60
  • nielsgerritsVIP
  • 2938 replies
  • June 12, 2023

And why later versions of FME will always offer to password-protect a workspace that contains a password. Still, this is good to know!

If I understood well, password protection on workspaces is also limited, as the software is able to decode it, correct?

Buckle your seatbelt Dorothy, cause Kansas is going bye-bye...
david_r
Celebrity
  • david_rCelebrity
  • 8392 replies
  • June 12, 2023

If I understood well, password protection on workspaces is also limited, as the software is able to decode it, correct?

You may want to look at the answer to "How secure is a password protected workspace?" here: https://community.safe.com/s/article/password-protection-for-fme-workspaces

"I tried a number of ways to view a protected workspace in a text editor, or otherwise access the content, and couldn't."

Yeah, as an official response that's a bit... lacking... Personally I wouldn't consider the workspace password protection as anything more secure than a hindrance to the average viewer.

redgeographics
Celebrity
Forum|alt.badge.img+59
  • redgeographicsCelebrity
  • Celebrity
  • 3700 replies
  • June 12, 2023

If I understood well, password protection on workspaces is also limited, as the software is able to decode it, correct?

To be fair, I seem to recall Safe mentioning this a number of times: the password protection won't hold up to serious cracking attempts.

FME rocks! \m/

Community Stats

32,070
Posts
121,771
Replies
39,696
Members

Latest FME

Terms & ConditionsCookie settingsAccessibility statement
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.