Appian Community
Site
Search
Sign In/Register
Site
Search
User
DISCUSS
LEARN
SUCCESS
SUPPORT
Documentation
AppMarket
More
Cancel
I'm looking for ...
State
Not Answered
Replies
3 replies
Subscribers
5 subscribers
Views
1814 views
Users
0 members are here
Share
More
Cancel
Related Discussions
Home
»
Discussions
»
Integrations
Hi All, I'm looking to use thrid-party credentials to store login info
rawich
over 8 years ago
Hi All,
I'm looking to use thrid-party credentials to store login info and other environment-specific properties following this documentation:
forum.appian.com/.../Appian_Administration_Console.html
But I'm finding this doesn't seem very secure, and want to see if anyone has addressed these issues, and how?
1) Password listed as clear text in the 3rd-part credentials under admin console. This is the same issue as storing password as Constant. Masking is available, but only for end-user personal credential.
2) All credential changes result in a audit log message with both the previous new values.
Thank you,
-Rawich
OriginalPostID-171747
OriginalPostID-171747
Discussion posts and replies are publicly visible
0
Eduardo Fuentes
Appian Employee
over 8 years ago
1. Data inside constants is not encrypted when it is stored. Secured Credentials are encrypted in the database
2. Constants are accessible (configurable) by basic users in the environment. The Admin Console is not
3. Audit log only records changes in properties. Secured Credentials fields are not properties, therefore not logged.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
rawich
over 8 years ago
Thank you, Eduardo. So the only one concern left is the clear text password showing in the admin console.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
Eduardo Fuentes
Appian Employee
over 8 years ago
Only a small set of trusted users should be System Administrators. They'll be the ones with access to these settings. If this is a concern you should force individual users to set their own credentials and make the System Wide contain any password (note that for users who haven't set them this will fail if the system wide are no valid)
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel