Hi All, I'm looking to use thrid-party credentials to store login info

rawich over 8 years ago

Hi All,
I'm looking to use thrid-party credentials to store login info and other environment-specific properties following this documentation:
forum.appian.com/.../Appian_Administration_Console.html

But I'm finding this doesn't seem very secure, and want to see if anyone has addressed these issues, and how?

1) Password listed as clear text in the 3rd-part credentials under admin console. This is the same issue as storing password as Constant. Masking is available, but only for end-user personal credential.

2) All credential changes result in a audit log message with both the previous new values.

Thank you,
-Rawich

Discussion posts and replies are publicly visible

0 Eduardo Fuentes
Appian Employee
over 8 years ago

1. Data inside constants is not encrypted when it is stored. Secured Credentials are encrypted in the database

2. Constants are accessible (configurable) by basic users in the environment. The Admin Console is not

3. Audit log only records changes in properties. Secured Credentials fields are not properties, therefore not logged.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 rawich over 8 years ago

Thank you, Eduardo. So the only one concern left is the clear text password showing in the admin console.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Eduardo Fuentes
Appian Employee
over 8 years ago

Only a small set of trusted users should be System Administrators. They'll be the ones with access to these settings. If this is a concern you should force individual users to set their own credentials and make the System Wide contain any password (note that for users who haven't set them this will fail if the system wide are no valid)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel