Advent of Code is back! Unwrap daily challenges to sharpen your Alteryx skills and earn badges along the way! Learn more now.
community Alteryx IO Mission Control
alteryx Community
Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Close
Free Trial

Alteryx Designer Desktop Ideas

Share your Designer Desktop product ideas - we're listening!
Submitting an Idea?

Be sure to review our Idea Submission Guidelines for more information!

Submission Guidelines

Database Connection Password Default (Hide)

Status: Implemented Submitted by on ‎04-20-2016 01:17 PM
5 Comments (5 New)

As a security enhancement, the default passwords setting should be encrypt for user. Although this is critical for security my users have overlooked this even with training. They truly aren't culpable if they forgot. If it is the default then they must consciously change the it to an insecure setting.

 

From a security perspective the current default setting is backwards.

Grant Hansen

5 Comments
BDS
6 - Meteoroid
‎01-17-2017 07:34 AM

Agreed, it's baffling that enterprise software has this as a default. If you have access to any workflow that contains a "(Hide) Default" connection, you now have full access to that person's DB account. You can read/drop any of their tables in the pre/post sql. You can even change their password and now own their DB account.

 

A less malicious use case would be a user copy and pasting portions from someone elses workflow into their's as a guide. Any changes they make would still be running under the original authors DB account.

 

Either way, huge risk for any org.

0 Likes
MattB
Alteryx Alumni (Retired)
‎02-21-2017 11:05 AM
Status changed to: Under Review

Thanks @ghansen3 and @BDS for sharing this great point about changing the default. We are very interested to hear how many more customers would like to see this default changed. I have captured this request so that we can keep it on our radar to possibly fit into a future product release.  Please keep the great feedback coming!

0 Likes
ChadM
Alteryx Alumni (Retired)
‎09-22-2017 02:53 PM

@MattB, any update on this on the Products side? 

0 Likes
MattB
Alteryx Alumni (Retired)
‎09-27-2017 08:25 AM

While we wait to make this change in the product, there is an unsupported registry change that may work. As with all registry changes, please understand there is a risk involved.  To change the default to "Encrypt for User", please close Designer and create the following registry key.

 

Location: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SRC\Alteryx]

Name: UserEncryption

Type: REG_SZ (String value)

Data (value): TRUE

 

If you want to move forward with this change, please engage IT to safely roll this registry change out to Designer users.

 

@ghansen3 @ChadM @BDS

0 Likes
KylieF
Alteryx Community Team
Alteryx Community Team
‎10-15-2019 12:51 PM
Status changed to: Implemented

Thank you for posting to the Alteryx Community!

 

I'm updating this idea to Implemented as the default for password encryption was updated to 'Encrypt by User' in a previous version.

0 Likes
Labels