Home
Forums
FME Flow
Security

Security

Permissions, roles, and administration. Security in data processing.

125 Posts
371 Replies

When you subscribe we will email you when there is a new topic in this category

125 Posts

Recently active

Most replies Most views Newest first

christophermoss

asked in Security

FlexNet to support other products

We currently have FME-supplied Flexnet running on a Windows server and would like to use the same daemon to licence another product. I have checked in the manual and the suggestion is that I simply need to tweak the other product licence file to point at a different port. However as the current Flexnet install does not show FME as he vendor file, when I try adding a vendor file it causes and error as it can’t find the FME licence file. I did put the other product’s licence file in the same folder as the FME file. I have also spotted a post that suggested adding the second products licence to the same file with FME pointing at the default port (27000) and the other product point at a second port.Can you advise what is the best approach?ThanksChris

s.jagerContributor

asked in Security

FME Desktop 2022.2.5 is flagged as having security weaknesses

Hello,FME Desktop 2022.2.5, using OpenSSL 3.0.8.0, is being flagged by Defender as having three weaknesses: CVE-2023-0464, CVE-2023-0465 and CVE-2023-0466. I can't find anything here about these three: Is there anything known about them? CVE-2023-0465 and CVE-2023-0466 are being re-analyzed, so I appreciate that we need to wait for the outcome of that analysis, but CVE-2023-0464 could potentially be quite harmful. Thanks,Stefan

virtualcitymattEvangelist

posted in Security

Just FYI - web connections and database connections are now available with python

In case you missed it you can now access web connection and database connection details in python now.Using the SystemCaller and PythonCallers in the past have always enabled remote code execution but since FME 2023 now your connections are also exposed. Just a reminder to never run what you don’t trust.

joshuajames1979Contributor

asked in Security

Setting up a web connection in FME Workbench with OAuth2

Hi there, we are looking at making an OAuth2 connection so that we can pull back JSON files from our Asset Management System in TechOne so that we can then populate our SQL data. I thought FME Workbench would be a lot cleaner than using Python, however I am struggling to connect when setting up a web connection. I receive “an error has occurred” when testing. Out of the three requirements I am unable to set the third one, which is most important. This being grant_type in the body needs to be set to “client_credentials”. Is there any way to change this? I read that you can’t so trying to see if there is a workaround.I read online some are suggesting a REST API but not sure if that’s the way to go in FME Workbench.Regards,Josh

lifalin2016Contributor

asked in Security

Sudden server app token permission change in FME Server/Flow 2022.2.x ?

Hi all.Our FME Servers using version 2022.2.x have been running fine for over a year now, but suddenly (in the last month or so) the existing server apps have begun to fail, stating missing token permission to server and database connections as the cause.What’s causing this sudden change in behaviour ?The server apps have been running without problems until this started.Cheers. EDIT: It worked June 27 but failed June 28.

asked in Security

Is FME Server / Flow vulnerable for Apache ActiveMQ CVE-2023-46604 https://www.cve.org/CVERecord?id=CVE-2023-46604

Is FME Server / Flow vulnerable for Apache ActiveMQ CVE-2023-46604 https://www.cve.org/CVERecord?id=CVE-2023-46604

schulte.aContributor

asked in Security

Making a Workspace App, is there a way to get a username verified with windows authentication/SSO, and have that username be a parameter in the workspace?

I am making a self service map generator workspace app. My want is to be able to verify a username by using either SSO/Windows authentication. then I have a script that has outputted all the groups and its users in our ArcPortal in a spreadsheet. so I can relate their username to the group they’re in which then I’ll use a testfilter as to what layers each group is allowed to use in their map. Unless there’s an easier way to go about this?

krlemContributor

asked in Security

Is there a way to restrict access to python os module in FME Flow?

As we all know, FME supports use of Python in workbenches, either via PythonCaller, scripted parameters, etc. The risk I see though is, that unexperienced user or malicious insider could potentially run Python code with access to Operating System commands (os.system for example) and create some damages (delete shared data folder contents, remove some files or corrupt Engine host, map external drives and copy data there, etc., you name it).What are the best practices to restrict access to this type of Python modules? Is there any built-in functionality in FME Flow that could help to address this security concern?

todd_davisContributor

asked in Security

Moving user data between Active Directory (AD) to Azure Active Directory (AAD or ME-ID) in bulk

Hi,I have a basic outline of how I would do this with FME Rest API, but wondering if anyone else has done it already in a comprehensive fashion, or whether Safe may have already created something for it? @siennaatsafe We are moving from Active Directory to Azure Active Directory (new name: Entra ID) in FME Flow. I just need to be able to move all user content and roles to a new AAD (new name: ME-ID) user.For instance:group: FME from AD already exists, but I am going to import group: FME from AAD and then switch all the content and role capabilities for all the underlying users. Happy to take anyone's learnings as well, just to ensure we don’t overlook anything? Cheers,Todd

jiranek_hsroObserver

asked in Security

how to integrate Flow Apps through iframe into another web site?

Hi everyone, is there a way how to integrate Flow Apps through iframe into another web site page. There is a block in CORS setting Flow Apps strict-origin-when-cross-origin. Any idea? Kindly regards

gjaguilarContributor

asked in Security

Error writing to a hard drive on another server

I am starting with FME Server and can someone help me understand and learnI have a download process that runs on a virtual machine with Windows Server 2019 data center (Server 1) and it must write a file to a disk of another virtual machine that also has Windows Server 2019 data center (Server 2), but I gives permissions error. I understand that the process is executed with a user created in the FME Server, in this case of type System.My doubts are:Should the user created on the FME Server also be created as a user on Server 1 and have write permissions to the Server 2 disk?Should the user be changed in FME Server to Directory Server type or is it not necessary?

mariasContributor

asked in Security

Can't create FME Flow backup

I am trying to create FME Flow backup in order to upgrade it to the newer version.Current version is FME Server 2020.2. I am getting the following error:Tried many times and cleaned drives a bit. Previous backup was about 100 Mb. So it should be more than enough space for the new backup: What can be wrong, how I can fix this? Thank you in advance.

sameerContributor

asked in Security

Pen test Remediation required - Enable HSTS and Hide Email server type / version

FME Flow 2023.2.1Build 23774 I’m planning on upgrading FME Form / Flow this weekend which includes fixing the following vulnerabilities detected from our internal Pen Test. USR-640 Email Servers Advertise Software Type and Version Removing the software banner from the email server is typically done in the configuration file, for example sendmail.cf or postfix.conf.Is it possible to fix this and where would the file(s) be located?What change should take place? USR-622 HSTS Missing from HTTPS ServerIs it simply enough to add the following to the web.xml config file? <filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>hstsEnabled</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>hstsMaxAgeSeconds</param-n

brian_sParticipant

asked in Security

Workspace Parameter Validation Error

I am trying to add a user to a Workspace in FME Flow 2023.1. I get a message ‘Parameter Validation Error’ when I click OK.

megrandfilsObserver

asked in Security

No emails or response from FME

Hi I am not sure what to do at this stage and was wondering if anyone had any insight. I tried to enrol to do an online course and created an account using my work email. I have not received any emails to verify the account and I have tried to have a verification and password reset email sent with no luck either. I have sent an email to info@FME with no response as well. I tried to recover my old password from a FME account using my home email address as well with no response. Email addresses are correct, and I have check SPAM folders. Any suggestions on who to contact at this stage? Regards Mark

aaronContributor

asked in Security

Users and Roles - How to give access to all items in a category by default

I have an FME role where I want all users assigned to it to be able to access all of the items in Repositories and Schedules by default. At this time (FME Flow 2023.2), it appears I have to add any newly published workspace or schedule to the role for users in that role to see it. Yes, I can “Select All” but our respositories and schedules are dynamic and it would be nice to “set it and forget it” rather than have to manually intervene on a regular basis. Is it possible? Hoping I am missing something.

vxn43Supporter

asked in Security

Add AD User Name into FME Flow

I am using FME Flow 2021. Is there a way to add Active Directory User Names and credentials into FME Flow? Sort of like SSL/SSO with ArcGIS Enterprise. My goal would be to be able to use the same user credentials I use on our network for logging into FME Flow. Currently, my FME Flow has a domain user name, but the user names in FME Flow are built in.

dbryantgeoContributor

asked in Security

FME Flow Web Connection requiring constant reauthentication

We have successfully created a Web Connection for Microsoft SharePoint Online and had it authorise on FME Flow and workflows use a FeatureWriter to update list items in SharePoint.However, periodically (we suspect each day) an administrator will need to RDP to the server that hosts FME Flow, access the Web Application and Authorise the Web Connection otherwise workbenches error with the following message.2024-2-12 09:46:10 | Microsoft SharePoint List Writer: Client-side error: '401 Client Error: Unauthorized for url: URL' returned from SharePoint. Error message was: '' I have a suspicion that this is because as our FME Flow is hosted on-premise and is not configured for HTTPS. However, as the web connection maintains authorisation for a period of time I’m not 100% convinced.Has anybody experienced this behaviour in the past? How was it solved?We do have a ticket open with our infrastructure team to configure FME Flow for HTTPS and if this is the prime suspect then we can use this to pu

kirkenContributor

asked in Security

Get database connections and parameters from FME REST API

Hi!I would like to get all database connections and additional information (e.g host, service name, username etc ) from FME REST API. I know that I can get all database connections with this request:https://FMEServerName/fmerest/v3/security/categories/NamedConnections/resources?limit=-1&offset=-1 it gives owner, display name, permissions, name, but not connection parametes. Is it somehow possible to get connection parameters as well? Thanks!

hermannContributor

asked in Security

Antivirus regards fme form 2023 as malware

While trying to download this file https://downloads.safe.com/fme/2023/win64/fme-form-2023.2.2-b23781-win-x64.exe trend apex one antivirus regards it as malware.

dewrightcoContributor

asked in Security

With Upgrade to Flow 2023.0.0.3 , Single-Sign-On now fails

I upgraded my Development machine Thursday, and install ran smooth, import of backup ran smooth. Checked settings and all appear to match up with Staging and Production, but unable to get Single-Sign-On to function again. Negotiation reported an error: "Failure unspecified at GSS-API level (Mechanism level: Encryption type RC4 with HMAC is not supported/enabled)". All three of my systems use the same Service-Account, and Staging and Prod have not issue, and Dev worked fine until the upgrade.

annette2Contributor

asked in Security

FME Server - deleted an fmeadmin user and now schedules are not triggering

Hi all,What is the correct process to delete admins from FME Server. I deleted 3 fmeadmin users, testing before that any schedules or automations would be assigned to another user etc. Today many of our schedules who are owned by a completely different user are not working. They also don't work if I do a manual trigger. Recreating the schedule does work. Re-adding the user doesn't. I see in the Completed jobs that the schedules that ran before I deleted user have a reference to a Deleted user. I think the only way to fix this is to manually try to trigger each of our 25 job and recreate the schedule on acceptance and production. Any other ideas would be appreciated. And it would be interesting to know what is the correct procedure? Did I miss something? We are using Server 2021 but this server has been upgraded with an old backup since approx 2015 version.

asked in Security

I have a workbench that reads/writes CSV files to a network location. It works fine from my desktop but when published to FME Flow i get permission errors reading and writing. What user is FME Flow using to read/write to the network? any other worka

I have a workbench that reads/writes CSV files to a network location. It works fine from my desktop but when published to FME Flow i get permission errors reading and writing. What user is FME Flow using to read/write to the network? any other workaround

asked in Security

Connection Security in System Email Settings is set to "None ". But when FMEFlow "Email results" it uses "SSL/TLS". email.log INFORM main 801026 : Connection Security : SSL/TLS ERROR main 801031 : Invalid SMTP server.

Is this a bug in FME Flow 2023.1 Build 23619 - win64?

asked in Security

I want to encrypt generated output shapefile via PGP encryption in FME. How we can achieve this?

I want to encrypt generated output shapefile via PGP encryption in FME. How we can achieve this?

1
2
3
4
5

Page 1 / 5

Badge winners

gis_galhas earned the badge Integrate Spatial Data
saravananhas earned the badge English Speaker
saravananhas earned the badge Student (Grey)
saravananhas earned the badge Welcome Back
saravananhas earned the badge FME Form Advanced Training

Show all badges

29,355: Posts

Powered by Gainsight

Terms & Conditions Cookie settings

Sign up

Already have an account? Login

An FME Account is required to contribute

Login

Login to the community

An FME Account is required to contribute

Login

Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.

Enter your e-mail address

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

OK

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

OK

A product of

Company Products Giving Back Careers Contact Privacy Feedback

Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.