How to securely store credentials in AppEngine

Hello together,

we are just doing our very first steps in AppEngine (v11). We already have some processes but those were created by consultants.

One thing I found a bit irritating was that two different consultancies (of which on was Infor) stored DB credentials directly in the AppEngine Script. So everyone who has access to the AppEngine Script (I suppose everyone who has access to the repository and has the process designer installed) could read out the user/pw combination. Are there any other/better ways to open the connections (DBs are Infor Cubes + SQL Server). In our case this scripts are used to copy data (e.g. from an input cube, where the calling user has write access, to an reporting cube the calling using shouldn't have write access, but should trigger the copy process). Or are there at least some options to revoke the rights for reading source code (is this the edit script right in repository roles or does this relate to Application Studio Scripting)?

BTW: Are there any improvements in managing AE Scripts/Versions in v12? It's a bit strange that Infor must delete not used versions or ones which were generated unintentionally on the database?

Thanks in advance,

Florian

Welcome To Solutions Development.docx

Find more posts tagged with

Infor EPM Discussions

Comments

akopczewski

Hi,

You could use configuration values. In Repository Administration in your project between Web Extensions and Attachments are Configuration Values. You can define and store there more sensitive informations. In your engine script just use command string CV(cv_unique_name) to get this value. Still not perfect but access can be limited. In v12 this is updated and it's safer to store passwords.

If you need to just login to OLAP using token should be better. For SQL databases Integrated Security remove the need for plain text passwords.

Cheers

Artur

florian-konath

Hi Artur,

thanks for the fast answer, this seems to be an option, but also here it's stored in clear text. Access would be restricted just by not installing Infor BI Repository Administration or are there any other restrictions available? Nevertheless if I'm right, one could just create a Application Engine Script and read out the variable if one knows the name. So basically it's not a big advantage?

Thanks ad best regards

Florian

akopczewski

Hi Florian,

If you have access to Application Engine Editor, you can write any script using connection method from any other script. So even without knowing exact credentials it's simple to write engine script that will print any table to file or drop database.

We in Codec use 3 different approaches (well, maybe more, but only this 3 comes to my mind right):

1. If no one but us has access to application engine editor, just store credentials in plain text or use CV(). Usually used during demo presentations and proofs of concept. CV function is kind of pointless, as you said, you can: WriteLine(CV(name)); . BUT if you change passwords every month it saves some hassle.

2. If some user has access, but it's unimportant who they are or everyone have the same permissions, we create "Infor_Engine_User" user in SQL database. There, we give it minimal access to database, just for tables needed. If user know the password, they can't do more, than it would using engine.

3. If it is important who access database or permissions vary from user to user we try to use integrated security in sql connection string. Domain users are added in database and SQL manage access and permissions. No credentials needed.

In most cases second approach and limiting access to application engine editor is sufficient.

Kind regards,

Artur

Robert Thomas

Re your question about getting rid of processes and versions: In V12, when you publish a process, you have the option to delete all older versions. Also, you can delete a process as well.

florian-konath

Hello together,

thanks for the hints and especially the information that there will be improvements in v12. For the time being we used CVs together with a string encryption, to store the information in a slightly more secure way.

Best regards

Florian

Copyright © 2025 Infor. All rights reserved.