Hello, I noticed today, when changing the database that my connection string is linked to, that Alteryx Designer did not require my password to be reentered. See below: This is the initial state of the connection string:
Notice that the database ends in "...-dev" and there is an encrypted password embedded in the string. So far, all that is fine because that's how I set it up. However, I typed a different database to end in "...-dev-data-migrations" in the string (while keeping the same server) and expected to be prompted for the password again, but the connection was made with the existing password and I was not prompted to reenter it (see below):
While this is convenient, in my mind this represents a security problem because someone could set up an associate with a connection and only want them to be able to access that server, db connection, but might inadvertently be allowing them a connection to any other database in the same server that happens to share the same password.
This is all the more risky considering it's standard practice to wipe out the password to a saved connection whenever there's a change to that connection. These are standards in Microsoft SQL Server Management Studio, Oracle SQL Developer, and most likely many more. I would even go so far as to say it's an industry standard to wipe the password whenever a change is made. It's even standard with other elements of Alteryx Designer. In the data sources quick connect window, you're unable to change the database after a connection was made to one database using SQL Authentication as is shown below:
Notice the existing user name and password combination only allows the one single database connection.
I think it makes sense to change this so that the password is wiped out whenever any change is made to the connection.
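One way a client could enforce the behaviour requested above, shown as an added example that is not part of the original post and is not Alteryx code. It assumes an ODBC-style `Key=Value;` connection string; the key names, the helper names and the sample values are all constructed for illustration.

```python
# Added illustration. The ODBC-style "Key=Value;" layout and key names are
# assumptions, not Alteryx Designer's actual connection-string format.
SECRET_KEYS = {"pwd", "password"}

def parse_conn(conn: str) -> dict:
    """Split 'Key=Value;...' into a dict with lower-cased, stripped keys."""
    fields = {}
    for part in conn.split(";"):
        if not part.strip():
            continue
        # Split on the first '=' only, so '=' inside a value is preserved.
        key, _, value = part.partition("=")
        fields[key.strip().lower()] = value.strip()
    return fields

def target_of(fields: dict) -> dict:
    """Everything that identifies where and as whom we connect (no secrets)."""
    return {k: v for k, v in fields.items() if k not in SECRET_KEYS}

def apply_edit(saved: str, edited: str) -> tuple[str, bool]:
    """Return (connection string to keep, needs_password_prompt).

    The saved secret is carried over only if every non-secret field is
    unchanged; any other edit drops it so the user must re-enter it.
    """
    old, new = parse_conn(saved), parse_conn(edited)
    if target_of(old) != target_of(new):
        new = target_of(new)  # wipe the stored secret
    kept = ";".join(f"{k}={v}" for k, v in new.items())
    return kept, not (new.keys() & SECRET_KEYS)

# Constructed sample values (placeholders, not taken from the post).
SAVED = "Server=sql01;Database=sales-dev;UID=analyst;PWD=<encrypted-blob>"
EDITED = ("Server=sql01;Database=sales-dev-data-migrations;"
          "UID=analyst;PWD=<encrypted-blob>")

if __name__ == "__main__":
    print(apply_edit(SAVED, SAVED))   # secret kept, no prompt
    print(apply_edit(SAVED, EDITED))  # secret wiped, prompt required
```

Reordering keys or changing their case does not count as a change to the target, so only a real edit to the server, database or user forces the prompt.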