IBM Data and AI Ideas Portal for Customers


This portal is to open public enhancement requests against products and services offered by the IBM Data & AI organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:


Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,


Post your ideas

Post ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

IBM Employees should enter Ideas at https://ideas.ibm.com


Add a new idea Subscribe
Status Delivered
Workspace Connectivity
Created by Guest
Created on Jan 25, 2022

RELATED IDEAS

To tighten security, disable Users from accessing their credentials in secrets, but allow access from flight service only

Currently their are some security holes in the product in that users can read out credentials from secrets. This can happen accidentally or deliberately through a malicious user. Consequence is that credentials stored can be exposed and used elsewhere. A User should only be able to maintain their credentials for their secrets through a dedicated administration UI. Anywhere else a User should never be able to access their credentials. However, currently exactly this is possible and expsoing anyone using these from credentials to get extracted. As a result the idea is to close this hole. However at the same time the flight service must be able to access such credentials for instance to add credentials to connections to backend systems. It should be limited to flight service only as the only service allowed to read credentials from secrets. Following this approch will allow creation of safe applications were noone accidentally or deliberately can extract and expose credentials.
Needed By Quarter
  • Guest
    Reply
    |     Apr 4, 2022

    use a private connection not a solution either, as we are already working with a private connection and the password is still exposed. Please note that this is the second time (the first suggestion was to use personal credentials instead of shared credentials) we reply to a workaround suggestion that is not a solution and have lost time. We have suggested Flight Service as the solution to this problem since the beginning. Before suggesting another solution that does not involve Flight Service, please be so kind and speak with us. We are more than happy to spare you some time!

  • Guest
    Reply
    |     Feb 23, 2022

    Labeling this as 'future consideration' for now. This is certainly a strategic direction for us as a product (trust in data), but Watson Studio is not yet ready to add this to the roadmap as we have dependencies on other teams to complete their research. This idea will be reevaluated after that research is complete.

  • Guest
    Reply
    |     Feb 3, 2022

    Thanks for providing information.

  • Guest
    Reply
    |     Jan 25, 2022

    On behalf of Klaus: We want to use a Technical User in a shared connection in an R-Studio environment to use these on a oDBC connection to a backend database. The credentials are currently stored in that connection. All users are granted viewer rights so they can use this connection. Unfortunately all users can thus read out the credentials from the connection.

    To avoid this issue we would like to use secrets and flight service. However IBM engineering has confirmed that similar issue exists here too where a user can read out credentials stored in a secret and accidentally or deliberately expose that to anyone. We want only the flight service be able to read such credentials to be used on bespoke ODBC connection

  • Guest
    Reply
    |     Jan 25, 2022

    Hi Klaus,

    Can you please provide examples of these security holes on CPD? thnx.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.