Skip to main content
  • EN

Security

Permissions, roles, and administration. Security in data processing.

  • 148 Posts
  • 442 Replies
148 Posts
gkvoelkl
Contributor
gkvoelklContributor
asked in Security
fmedatadownload and security best practice

Hello,I am a newbie and want to use fmedownload api in our new webpage.what is the best way to integrate security?at the moment I would call the the get token service with user and password to get a temporary token.Then I would use this token and call fmedownload.Is that the best way? Will the token service be available in the future?thanksbest regards Gerhard

573
carlw
Safer
tibor
Participant
tiborParticipant
asked in Security
Vulnerability CVE-2023-44487 in Apache Tomcat 9.0.76.0

Hi,I get from our Security officer anmessage that there is an vulnerability dected on one of our servers.This server is has FME Flow 2023.2.2 Build 23781 - win64 which depend on Apache Tomcat.Can you tell me if there is an security risk? And how we can solve this?Thread is registered under: CVE-2023-44487.Thank you

484
david_r
Celebrity
lhcamm
Contributor
lhcammContributor
asked in Security
How could share web connection with only access permission not full permission?

Hi,I would like to ask if there is a way to share webconnections to group of users with partial permission (ie only access permission) not full permission. the issue with full permission that the shared users can be able to delete web connections I shared. I have to tried to take off their manager and create permission but still wont be able to let them do not remove the share connection.We are looking for a way can do partial permission setting up. Thank you very much. 😁 

192
lhcamm
Contributor
lifalin2016
Contributor
lifalin2016Contributor
asked in Security
Handling encryption security on FME Flow ?

I just reinstalled a test FME Flow 2024 (from .0 to .2), but was unable to restore a backup from the previous version. Something to do with encryption.This worries me, as we are getting close to wanting to upgrade our current 2022 servers.How can I make sure that backups from the old 2022 servers can be read by the new (2024) servers ?Thanks in advance.

395
redgeographics
Celebrity
kihen
Participant
kihenParticipant
asked in Security
FMEFlow affected by CVE-2024-50379 and CVE-2024-56337

Hi! I am getting a warning that FMEFlow is affected by CVE-2024-56337. I am running FME Flow 2023.1.1Is this correct?Is there a fix or are these CVE not applicable? Best regards/Kim 

2504
todd_davis
Influencer
runneals
Contributor
runnealsContributor
asked in Security
CORS errors

 We're sending CORS headers, but not getting them back. How do we get them back?

393
runneals
Contributor
bhk
Contributor
bhkContributor
asked in Security
Why FME Server Patch Notification Still There ? Even After Applying the Patch

Using FME Server 2021.1 Build 21607 - win64,  we have applied the Security Update: FME Flow Privilege Escalation Vulnerability using this link https://support.safe.com/hc/en-us/articles/31265482270349-Security-Update-FME-Flow-Privilege-Escalation-Vulnerability but even after applying the patch and re-starting FME services and even rebooting the hosting VM we are still seeing this message!  I know it is possible to just click on X and close this notification on admin page but I noticed that other team members who didn't close the notification still seeing that on page!Should we ask everyone to ignore it! shouldn't system automatically clear it?

762
j.botterill
Influencer
gpt_geoinfo
Contributor
gpt_geoinfoContributor
asked in Security
FME-Server: CORS-Error

Hey guys,Why do I get the error (some texts replaced for security reasons):Failed to load http://fme-serverdomain.com/fmedatadownload/repository/workspace.fmw?param1=somefile&param2=sometext&opt_responseformat=json&token=123456789&detail=high: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://someotherdomain.com' is therefore not allowed access.although I configured CORS to allow all hosts

934
runneals
Contributor
abirami
Participant
abiramiParticipant
asked in Security
SSL error while sending Email from FME Flow

Hi, I am trying to send EMAIL on Port 587 from FME Flow application (V 2023.1.1) and I get below error. Can someone please help on how to resolve this error? Do I need to specify port 587 on any configuration file? 

681
kennyo
Supporter
jvadvian
Contributor
jvadvianContributor
asked in Security
Azure AD SSO and embedded workspace app in ArcGIS Experience builder

HiWe are about to configure Azure AD (Entra ID) Integration to authenticate users to our FME Flow. There are some workspace applications (flow apps) that are embedded into an ArcGIS Portal Experience builder app. The authentication to the ArcGIS Portal is also done with Azure AD accounts. The idea is, that the end user will open the ArcGIS Portal web application and access the FME Flow workspace application from that platform, rather than re-navigate to the Flow app. If SSO is enabled, will the FME Workspace/Flow app application authenticate automatically without extra login to the workspace application, when it is accessed from the ArcGIS Portal Experience application, as it is embedded to the application? Current setup with basic user authentication and FME Flow user access control fully inside FME Flow naturally requires a log-in to the app OR requires the Flow app to be published without authentication, but we want to ensure security. Does anyone have experience with this kind of s

220
jvadvian
Contributor
ax_pflegpeter
Contributor
ax_pflegpeterContributor
asked in Security
Token for Repository Access

Hi,I created a token that is used in an HTTPCaller to download Workspaces from Flow via the Flow REST API. I granted the token only permission to access Repositories which worked fine but the problem is that as soon as a new repository is created, the initial permission is not extended for this new repos.  It seems that I either have to manually re-grant permissions everytime a new repository is created or grant “All Permissions”. Is there any better option?   

181
virtualcitymatt
Celebrity
felipeverdu
Enthusiast
felipeverduEnthusiast
asked in Security
Security update affecting FME Flow 2023.2.2

HiI am the admin in my organisation for FME Flow and I woke this mornig with this messagehttps://support.safe.com/hc/en-us/articles/31265482270349-Security-Update-FME-Flow-Privilege-Escalation-VulnerabilityThe problem is that I can’t access it even after it asked me to log in.​@safe can you point me out to the right issue so I can understand the vulnerability that it might implicate in out environment?Best regards,Felipe Verdú

5805
luke.hicks
Safer
francis
Contributor
francisContributor
asked in Security
Broadcast message from Safe Software on FME Flow

Today we saw this broadcast message from Safe Software on our FME Flow servers (2023.2.2):The link in the message is not working and I do not see any recent security issues. We have only external ports configured for dynamic engines and licenses. The FME Flow instance is not accesible from outside out network.I find a strange that they can create broadcast messages on our servers.That is all a bit suspicious, is anyone else experiencing the same? 

3688
francis
Contributor
poonam21
Contributor
poonam21Contributor
asked in Security
FME Flow Login Issue

Hi Folks,I have previously installed and worked on FME Server, with my last usage being approximately 2–3 months ago.However, I am currently unable to log in, and the system displays the following error message:Could someone please assist in identifying the cause of this issue and guide me on resolving it?Thank you in advance for your support.

533
redgeographics
Celebrity
ivanwriter
Contributor
ivanwriterContributor
asked in Security
For Added Security, Can the out-of-the-box admin Login Be Disabled?

Out-of-the-box, FME Flow has an admin login for administration (member of fmeadmin and fmesuperuser).As a measure of added security, can a different, less common, login name be used for administration? In other words, if I were to create a login for administration purpose named MickeyMouse, add MickeyMouse to fmeadmin and fmesuperuser roles, and disable admin, does that work? Are there gotcha’s with doing that? Is it a measure of added security?

452
redgeographics
Celebrity
ebygomm
Influencer
ebygommInfluencer
asked in Security
Stopping the current automation automatically - authentication

We currently have a process where an automation is stopped by any upstream failure triggering a workspace which contains a httpcaller with a call to the fme rest api to stop the automation. The request is configured to use $(FME_SERVER_WEB_URL) and an the Automation General Attribute/Key AutomationID to construct the request for the api so in this way it is generic. I’m wondering if there’s any way to use the user running the automation as authentication for the http request?

301
dylan.at.safe
Safer
daraghmccarthy
Observer
daraghmccarthyObserver
asked in Security
FTPCaller won't allow both username / password and public / private key

Hi, looking for help please. We are using FME Flow 2024.1.3 Build 24627 - linux-x64 on Ubuntu 24.04 and trying to connect to an external FTP server to transfer files from FME Flow. Our client who owns the FTP Server are asking us to authenticate with both username / password and public / private keys ; we’ve supplied our client with the public key which they’ve loaded successfully. We can connect ok manually using both username / password and public / private keys, but when we try from FME Flow it fails on the public / private key and forces us to enter the password.What we are looking for is a way to call using the public / private key and also specifying a password.  

522
debbiatsafe
Safer
nic_ran
Contributor
nic_ranContributor
asked in Security
How can I allow other users to edit my FME Server App?

I have created an FME Server App. Is it possible to provide permission for another user to edit the App?I have granted full permission to Create Apps and also to the specific App to my other user but I get this error message when the user tries to edit the App:This Server App is owned by "admin". Only the owner or a user who can manage FME Server security permissions can edit this App.This seems to be highly restrictive.

1535
kmulhall
Participant
sameer
Contributor
sameerContributor
asked in Security
Pen test Remediation required - Enable HSTS and Hide Email server type / version

FME Flow 2023.2.1Build 23774 I’m planning on upgrading FME Form / Flow this weekend which includes fixing the following vulnerabilities detected from our internal Pen Test. USR-640 Email Servers Advertise Software Type and Version Removing the software banner from the email server is typically done in the configuration file, for example sendmail.cf or postfix.conf.Is it possible to fix this and where would the file(s) be located?What change should take place? USR-622 HSTS Missing from HTTPS ServerIs it simply enough to add the following to the web.xml config file? <!-- Enable HSTS --><filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>hstsEnabled</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>hstsMaxAgeSeconds</param-n

995
steveatsafe
Safer
thomas89
Contributor
thomas89Contributor
asked in Security
Is it possible to make a FME web connection to Azure File Storage with Oauth ?

Dear reader,  I want to know if it is possible (if yes, how) to connect FME with an Azure File Storage with OAuth. The Azure connection transformer, AzureFileStorageConnector seem to not have a Oauth connection possible. Is this true and are there other ways to make an Oauth connection to Azure File Storage in FME Desktop? 

622
natalieatsafe
Safer
ecx
Supporter
ecxSupporter
asked in Security
FME Server: How to Determine what Web Connections are Authorised As

On fme server, web connections we can authorise the named connections as various accounts. How can we check what accounts these are currently authorised as?  Thanks

445
todd_davis
Influencer
A
alexcls
asked in Security
Running Workspaces as different users

Is it possible to run workspaces in FME Server as different user accounts i.e. service accounts? I am aware of running FME Services Engine as a different account. The issue there is that over time you will have to grant this account access to a lot of different resources and this would not be good cyber-security practice.

1254
sanaeatsafe
Safer
kevin_bourrand
Participant
kevin_bourrandParticipant
asked in Security
Is there a way to configure automatically permission for running a specific workspace ?

Hi everyone, This question is about the detailed permissions user/role management interface.We’ve been facing issues finding all permissions required to run a specific workspace, like allowing services, access to shared ressources data and to specific connexions.  The question is: Is there a hint to grant or list all these needed permissions to run a specific workspace ?  Thank’s in advance. Kevin

673
kevin_bourrand
Participant
ssmith_ftr
Contributor
ssmith_ftrContributor
asked in Security
FME Flow and scheduling jobs as alternate user account

We are upgrading to FME Flow 2024 and wanting to make some improvements. As part of this we want to know if we can have a user upload workbenches to FME Flow. Then login to FME Flow with their user account, but somehow build automations, streams, apps, and scheduled jobs to run under a different user account. We are trying to migrate from putting the all the running automations, schedules, and other items under individual user accounts. Instead we want to assign to a departmental account. Since we have FME Flow tied into our Active Directory this will prevent any permission issues of jobs not working when an employee leaves the company and their AD account is suspended. I didn’t really want to have every user login to FME Flow with the departmental user account. Then we won’t keep the individual repositories for workspaces and will become a mess. I know the GUI/Web Front End as-is doesn’t support this but trying to decide what approach I could do to solve this.My easiest thought is to

421
siennaatsafe
Safer
jonvelco
Contributor
jonvelcoContributor
asked in Security
SAML option missing in FME Flow Connection parameters in Form

Running 2023.2 (both Flow and Form) and I have SAML setup, configured, and working on Flow.  However, in Form, when I add a FME Flow Connection - the SAML drop down under Authentication is missing even though the documentation says it should be there.What am I missing?? Missing SAML option in Authentication drop down FME Flow:Our FME Flow site with SAML enabled Documentation:Documentation 

431
jonvelco
Contributor

Badge Winners

  • FME Flow Certified Professional
    rchoucrounhas earned the badge FME Flow Certified Professional
  • FME Certified Professional
    aaron_chaputhas earned the badge FME Certified Professional
  • Integrate Data with the FME Platform Training
    flmuenznerhas earned the badge Integrate Data with the FME Platform Training
  • Teacher (Grey)
    bmoody81has earned the badge Teacher (Grey)
  • Webinar Watcher (Grey)
    gruelle88has earned the badge Webinar Watcher (Grey)
Show all badges

Community Stats

31,327
Posts
118,852
Replies
38,954
Members

Latest FME

Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.