Advent of Code is back! Unwrap daily challenges to sharpen your Alteryx skills and earn badges along the way! Learn more now.
Community is experiencing an influx of spam. As we work toward a solution, please use the 'Notify Moderator' option on the ellipsis menu to flag inappropriate posts.

Alteryx Designer Desktop Ideas

Share your Designer Desktop product ideas - we're listening!
Submitting an Idea?

Be sure to review our Idea Submission Guidelines for more information!

Submission Guidelines

Change in Connection String Needs to Require Password be Reentered

Hello, I noticed today when changing the database that my connection string is linked to that Alteryx Designer did not require my password to be reentered.  See below:  This is the initial state of the connection string:

 

 

2020-06-03_16-25-56.jpg

 

Notice that the database ends in "...-dev" and there is an encrypted password embedded in the string.  So far, all that is fine because that's how I set it up.  However, I typed a different database to end in ...-dev-data-migrations" in the string (while keeping the same server) and expected to be prompted for the password again, but the connection was made with the existing password and I was not prompted to reenter it (see below):

2020-06-03_16-25-20.jpg

 

While this is convenient, in my mind this represents a security problem because someone could set up an associate with a connection and only want them to be able to access that server, db connection, but might inadvertently be allowing them a connection to any other database in the same server that happens to share the same password. 

 

This is all the more risky considering it's standard practice to wipe out the password to a saved connection whenever there's a change to that connection.  These are standards in Microsoft SQL Server Management Studios, Oracle SQL Developer, and most likely many more.  I would even go so far as to say it's an industry standard to wipe the password whenever a change is made.  It's even standard with other elements of Alteryx Designer.  In the data sources quick connect window, you're unable to change the database after a connection was made to one database using SQL Authentication as is shown below:

 
 
 
 
 
 
 
 
 
 
 
 
 
 

2020-06-03_16-40-48.jpg

 

Notice the existing user name and password combination only allows the one single database connection. 

 

I think it makes sense to change this so that the password is wiped out whenever any change is made to the connection.

2 Comments
KylieF
Alteryx Community Team
Alteryx Community Team

Hi @kurtwz,

 

Thank you for your feedback and providing visuals! I've updated your idea to include the labels for out Data Connectors product team to insure this reaches them as they would be the most likely team to work through this feature update.

AlteryxCommunityTeam
Alteryx Community Team
Alteryx Community Team
Status changed to: Accepting Votes