Security concerns when generating an ArcGIS token

Chris Dunlop

June 17, 2020 21:41

Hello, I've written a client-side workflow that lets the user draw a graphic and enrich it with Esri enrichment service. To do this, I pass the geometry to a server side workflow. This then generates a token using our Esri credentials, and sends a web request to the Esri enrichment server to get some population data, which are returned to the client-side workflow.

 

What I'm wondering is, is the server-side workflow secure? It contains our Esri credentials. This workflow will be available to the public, so I think I'll have to share it with everyone. Does this open up any security holes? Could someone outside the organization with Workflow Designer open it? I guess I'm wondering what security best practices are.

 

Thanks,

 

Chris

0

• 

  Stefan Schweigert

  June 18, 2020 17:04

  Hi Chris,

   

  While you are correct that the server workflow does need to be shared, the server-side workflow cannot be loaded directly outside of your access within the organization. The item that appears in Portal or ArcGIS Online is not the workflow itself, but a client 'wrapper'. Anything confidential is saved to disk within your Server instance; opening the server workflow directly will display an error.

   

  Thanks, Stefan

  0
• 

  Chris Dunlop

  June 18, 2020 21:50

  Thanks Stefan, I'll go ahead and open it up to the public.

   

  Chris

  0

Please sign in to leave a comment.