I would like to propose an enhancement to FME Flow regarding administrative security.
Although administrators are already authenticated when logged into the system, certain critical actions pose a significantly higher risk and impact. These include, for example:
-
Creating or restoring backups
-
Connecting or modifying Authentication Services
-
Adding or deleting users
-
Changing security-related configurations
-
Other high-impact administrative operations
To increase security and reduce the risk of unintended or malicious changes (e.g., in case of session hijacking, unattended sessions, or compromised credentials), I propose that FME Flow require administrators to re-enter their password before executing such critical actions.
This additional verification step would:
-
Strengthen security for sensitive operations
-
Reduce the risk of accidental misconfiguration
-
Align with best practices for secure administrative interfaces
-
Provide an extra layer of protection without significantly impacting usability
The re-authentication prompt should only appear for clearly defined high-risk actions to maintain a smooth user experience for routine administrative tasks.
