Hexagon Geospatial
MENU

GeoMedia

Search for an answer, post a question, or answer other users' questions in our GeoMedia support discussions. This discussion board is a great way to collaborate with industry peers around the world. It is intended for discussion and support of the GeoMedia Desktop and Add-on applications.
Showing results for 
Search instead for 
Do you mean 
Reply
Contributor
Posts: 106
Registered: ‎04-28-2016

privacy & pwd

wow

the password in the library are store without cripto .....

in this way the fundamental rules of the GDPR are not respected.

 

 

Regular Contributor
Posts: 207
Registered: ‎05-25-2016

Re: privacy & pwd

Hm, I would say passwords are a security not a privacy problem ...

Contributor
Posts: 106
Registered: ‎04-28-2016

Re: privacy & pwd

security or privacy this is a problem!


Regular Contributor
Posts: 207
Registered: ‎05-25-2016

Re: privacy & pwd

If it's only security, it's also a problem, right. But GDPR is respected ... Woman Wink

Staff
Posts: 160
Registered: ‎02-02-2016

Re: privacy & pwd

It may help to review GeoMedia Help topics on password persistence:

Contributor
Posts: 106
Registered: ‎04-28-2016

Re: privacy & pwd

i'm sorry but GDPR is NOT respected ! READ IT .....

Contributor
Posts: 106
Registered: ‎04-28-2016

Re: privacy & pwd

sorry for my poor english .....

but I do not understand your solution.....

the problem is the library:

in the table "connection", field "connectionstring" the password is readable

host=192.168.5.4 dbname=civici2018 user=pippone password=test2019 port=5432

this thing is not beautiful ....

 

thanks

Giulio

Technical Evangelist
Posts: 531
Registered: ‎09-11-2015

Re: privacy & pwd

Hi Giulio,

 

the password is a password to a 3rd party database, so the software which reads the library (GeoMedia, WebMap) must get the password and pass it to the database upon connection. Even if we know the hash algorithm the database internally use for password storage, it would not help us, since we could not recover the password from the hash, and there is usually no way to pass the password hash to the database directly.

 

So please advise, how should the password in the library be stored. It perhaps could be a simple cipher, which would obviously be easily to crack, and thus would have not a big benefit. So the only other options are:

  1. YOU make sure that the library database is protected as appropriate, so no unauthorized access to the library is allowed, which includes physical security of the storage media
  2. or choose domain authentication
  3. or choose not to store the password in the library, as pointed by psmith. In this case you will be prompted for the password every time the software attempt to establish the connection

There is nothing much more to do about it.

 

Pavel

Contributor
Posts: 106
Registered: ‎04-28-2016

Re: privacy & pwd

ciao Pavel,

thanks for your exhaustive reply.

I think it would be enough to manage the hash independently from 3rd party database.

 

note: i have post a idea ->  Support additional PostGIS authentication methods 

Highlighted
Staff
Posts: 160
Registered: ‎02-02-2016

Re: privacy & pwd

If the default value for the following registery is set to 0 (zero) then the password will NOT be stored in the library.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GDO\PostGIS Read-Write\1.0\Store Password

 

After the edit, the connect string for the library might look like the following:

host=myserver dbname=mydatabase user=wile_coyote password=* port=5432

 

I'm sure this falls short of your expectatons but wanted other readers to know that it is possible to suppress the storage of the password.

Do you need immediate support?
If you encounter a critical issue and need immediate assistance please submit a Service Request through our Support Portal.