community
cancel
Showing results for 
Search instead for 
Did you mean: 

Alteryx Designer Ideas

Share your Designer product ideas - we're listening!

Database Connection Password Default (Hide)

As a security enhancement, the default passwords setting should be encrypt for user. Although this is critical for security my users have overlooked this even with training. They truly aren't culpable if they forgot. If it is the default then they must consciously change the it to an insecure setting.

 

From a security perspective the current default setting is backwards.

Grant Hansen

5 Comments
Meteoroid

Agreed, it's baffling that enterprise software has this as a default. If you have access to any workflow that contains a "(Hide) Default" connection, you now have full access to that person's DB account. You can read/drop any of their tables in the pre/post sql. You can even change their password and now own their DB account.

 

A less malicious use case would be a user copy and pasting portions from someone elses workflow into their's as a guide. Any changes they make would still be running under the original authors DB account.

 

Either way, huge risk for any org.

Alteryx Alumni (Retired)
Status changed to: Under Review

Thanks @ghansen3 and @BDS for sharing this great point about changing the default. We are very interested to hear how many more customers would like to see this default changed. I have captured this request so that we can keep it on our radar to possibly fit into a future product release.  Please keep the great feedback coming!

Alteryx Alumni (Retired)

@MattB, any update on this on the Products side? 

Alteryx Alumni (Retired)

While we wait to make this change in the product, there is an unsupported registry change that may work. As with all registry changes, please understand there is a risk involved.  To change the default to "Encrypt for User", please close Designer and create the following registry key.

 

Location: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SRC\Alteryx]

Name: UserEncryption

Type: REG_SZ (String value)

Data (value): TRUE

 

If you want to move forward with this change, please engage IT to safely roll this registry change out to Designer users.

 

@ghansen3 @ChadM @BDS

Moderator
Moderator
Status changed to: Implemented

Thank you for posting to the Alteryx Community!

 

I'm updating this idea to Implemented as the default for password encryption was updated to 'Encrypt by User' in a previous version.