Solved

ParameterFetcher Password


egge
Contributor

Just a minute ago I discovered something I did not know yet: it is possible - to my surprise - to retrieve a password stored in a User Parameter using a simple ParameterFetcher!

Passwords stored in User Parameters are encrypted (see e.g. this post), but the ParameterFetcher just returns the decrypted password in plain text... :-(

So everybody with access to a workspace with passwords and FME Workbench can just use this fetcher to retrieve all passwords.

OK - maybe I have been a little naive... :-) But this is surely something to take into consideration.


7 replies

nielsgerrits
VIP
  • Best Answer
  • June 9, 2023

Aye, this is why Database- and WebConnections exist.


redgeographics
Celebrity

And why later versions of FME will always offer to password-protect a workspace that contains a password. Still, this is good to know!


david_r
Celebrity
  • June 9, 2023

Yeah, it's a fairly well known issue. Unless you're using web- and database connections, in my opinion there's not really any realistic way of protecting the passwords from someone that can modify or replace the workspace.


egge
Contributor
  • Author
  • June 9, 2023

Thanks for all your answers. I implemented a Web Connection to secure my credentials 🌻


nielsgerrits
VIP
redgeographics wrote:

And why later versions of FME will always offer to password-protect a workspace that contains a password. Still, this is good to know!

If I understood well, password protection on workspaces is also limited, as the software is able to decode it, correct?


david_r
Celebrity
  • June 12, 2023
nielsgerrits wrote:

If I understood well, password protection on workspaces is also limited, as the software is able to decode it, correct?

You may want to look at the answer to "How secure is a password protected workspace?" here: https://community.safe.com/s/article/password-protection-for-fme-workspaces

"I tried a number of ways to view a protected workspace in a text editor, or otherwise access the content, and couldn't."

Yeah, as an official response that's a bit... lacking... Personally I wouldn't consider the workspace password protection as anything more secure than a hindrance to the average viewer.


redgeographics
Celebrity
nielsgerrits wrote:

If I understood well, password protection on workspaces is also limited, as the software is able to decode it, correct?

To be fair, I seem to recall Safe mentioning this a number of times: the password protection won't hold up to serious cracking attempts.

