Security

[expired user #4681]'s profile image [expired user #4681] posted 14 years ago in General Permalink
Hello there!
At first I want to say that HeidySQL is great, really great.
I have one question - where are stored saved passwords ? I want to know it because of security reason ..
ansgar's profile image ansgar posted 14 years ago Permalink
Registry:
HKEY_CURRENT_USER\Software\HeidiSQL\Servers\[Your session name]\Password

The password value is encrypted using a homebrown obscure method, which is not very strong but should be good enough to have it not hacked in 5 seconds.
[expired user #4681]'s profile image [expired user #4681] posted 14 years ago Permalink
Thank you for answer. I'm affraid that it's not very secure way.. Have you ever think about storing password encrypted by for example "AES Crypt" and protect them with master password ?
ansgar's profile image ansgar posted 14 years ago Permalink
Not yet. As I don't have a clue how to accomplish that using Delphi.
gvlastos's profile image gvlastos posted 2 years ago Permalink

Hello Ansgar,

Is Heidisql still storing passwords using homebrown obscure method? If something changed, how stored pawwords are encrypted?What method or algorith is used?

ansgar's profile image ansgar posted 2 years ago Permalink

The old encryption is still being used in v12.0.

I recommend to use the "Prompt for credentials" option for sensitive servers.

gvlastos's profile image gvlastos posted 2 years ago Permalink

Any timeline to improve it, please?

gvlastos's profile image gvlastos posted 2 years ago Permalink

Is there any way to enforce "prompt credentials"? How can we delete the existing credentials without tampering the registry?

ansgar's profile image ansgar posted 2 years ago Permalink

You can clear the credentials first, in the session manager. Then activate the prompt checkbox.

Please login to leave a reply, or register at first.