Workato Recipe Sharing Security

gordonhuworkato
Workato employee

This is more for the Workato team. I know we can set up permissions so that a recipe is not by default available in the community.

Each recipe by default comes with a sharing URL, which is useful for sharing and for support.

However the URL is open (if you have it), and the string after "st" is not very long. So... I am wondering if there could be some malicious users harvesting the recipes by trying random recipe numeric number and the token.

I know the chance of getting a hit may be low but ... you never know. Can't underestimate the super computer's power 😅

I am wondering if this is on Workato's radar? I can see a few options:

Box's approach:
1. Set up policy to auto expire share links after x days

2. Allow token regeneration ad-hoc

3. Allow manually extending the sharing period

Okta's approach: disable sharing altogether and when Workato support needs to get in, grant just in time access globally, or only to the recipe.

Thoughts?
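
The three Box-style controls listed in the post above (policy expiry, ad-hoc regeneration, manual extension), sketched as an added example that is not part of the original post and is not Workato's or Box's code. The `ShareLinks` class, its method names, the 7-day default and the 256-bit token size are all assumptions made for illustration.

```python
import hmac
import secrets
from datetime import datetime, timedelta, timezone


class ShareLinks:
    """Hypothetical share-link store: one active token per recipe id."""

    def __init__(self, ttl_days=7):
        self.ttl = timedelta(days=ttl_days)   # option 1: policy-driven expiry
        self._links = {}                      # recipe_id -> (token, expires_at)

    def issue(self, recipe_id, now=None):
        """Create or regenerate (option 2) the token; the old one stops working."""
        now = now or datetime.now(timezone.utc)
        token = secrets.token_urlsafe(32)     # 256 bits from the OS CSPRNG
        self._links[recipe_id] = (token, now + self.ttl)
        return token

    def extend(self, recipe_id, days, now=None):
        """Option 3: push the expiry out manually without changing the token."""
        now = now or datetime.now(timezone.utc)
        token, expires = self._links[recipe_id]
        # Extend from the later of "now" and the current expiry.
        self._links[recipe_id] = (token, max(expires, now) + timedelta(days=days))

    def check(self, recipe_id, presented, now=None):
        """Return True only for the current, unexpired token of this recipe."""
        now = now or datetime.now(timezone.utc)
        entry = self._links.get(recipe_id)
        if entry is None:
            return False
        token, expires = entry
        # Constant-time compare so response timing does not leak token prefixes.
        same = hmac.compare_digest(token.encode(), presented.encode())
        return same and now < expires
```

With a token of this size, guessing a valid recipe id and token pair is not practical, and expiry plus regeneration bound how long a leaked link stays useful.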

5 REPLIES

deven-maru
Workato employee
Thanks Gordon. Yes, it needs to balance the need for security as well as the ease of sharing with support or other stakeholders.