Stored passwords and connection strings

P

PMrb

Member²
Hi Marco

We have problem with security and plsqldeveloper 9 - problem with stored connection and password list.
Problem is that passwords and connection strings are stored in user.prefs. This passwords in prefs are encrypted which is good. But if someone copy this user.prefs to his computer he will be able to connect to all stored connections with username and passwords stored here, which is problem. I believe that solution will be to give there higher security level. I mean another master password to this user.prefs after which connection list will open.
So it can work this way

Ill open plsqldeveloper, it will ask me for user defined master password. If this password will be ok it will open connection list for me (if it will be wrong connection list will be empty) and it will be open all the time till Ill close plsqldeveloper instance. If Ill open new instance it will ask me for master password again.

Will this be possible?

Thanks for your reply

Pavel
 
I have added this to the list of enhancement requests.

Until then, if password security is an issue, you should not enable the "store with password" option.
 
There is no way how to control all users which in our organization use plsqldeveloper (this means hundreds of them) that no one of them will not enable store with password option on in future even if we will turn it off on their computers now.

Just to ask - when I turn this function off in configuration the passwords will be deleted from user.prefs if they are stored there?

When I speak about config file it will be nice to have in future two separate files for user.pref - one with configuration and one with stored connections. Then I may be able rewrite this configuration file with default configuration every night :) to be sure that users use only configuration I want to. This is nice to have thing, but not necessary now..

Anyway thanks that you added this on enchancement requests list - any estimation when this may be done? I dont need exact date - just some presumption - like till september, till end of the year... something like that, so I may inform our internal security team. Thanks.
 
Just to ask - when I turn this function off in configuration the passwords will be deleted from user.prefs if they are stored there?
Click to expand...
Yes.

Anyway thanks that you added this on enchancement requests list - any estimation when this may be done?
Click to expand...
It will probably be the 4th quarter.
 
Last edited:
You must log in or register to reply here.

Similar threads

I
  • Discussion Discussion
Multiple Connections' Recent List: Any ability to remove items?
Replies
2
Views
508
IFS
I
T
  • Discussion Discussion
PL/SQL developer simultaneous connection to OCI db with two difrerent wallets
Replies
3
Views
197
Frank Huijbreghs
Frank Huijbreghs
J
  • Discussion Discussion
SQL windows not opening correct DB connection
Replies
10
Views
3K
Marco Kalter
Marco Kalter
Z
  • Discussion Discussion
Rename on Tab Doesn't Affect File
Replies
1
Views
232
Marco Kalter
Marco Kalter
G
  • Discussion Discussion
new instance opens with the title of workset
Replies
2
Views
1K
gad
G
Back
Top