Community Spring Cleaning week is here! Join your fellow Maveryx in digging through your old posts and marking comments on them as solved. Learn more here!
The Product Idea boards have gotten an update to better integrate them within our Product team's idea cycle! However this update does have a few unique behaviors, if you have any questions about them check out our FAQ.

Alteryx Designer Desktop Ideas

Share your Designer Desktop product ideas - we're listening!
Submitting an Idea?

Be sure to review our Idea Submission Guidelines for more information!

Submission Guidelines

Database Connection Password Default (Hide)

As a security enhancement, the default passwords setting should be encrypt for user. Although this is critical for security my users have overlooked this even with training. They truly aren't culpable if they forgot. If it is the default then they must consciously change the it to an insecure setting.

 

From a security perspective the current default setting is backwards.

Grant Hansen

5 Comments
BDS
6 - Meteoroid

Agreed, it's baffling that enterprise software has this as a default. If you have access to any workflow that contains a "(Hide) Default" connection, you now have full access to that person's DB account. You can read/drop any of their tables in the pre/post sql. You can even change their password and now own their DB account.

 

A less malicious use case would be a user copy and pasting portions from someone elses workflow into their's as a guide. Any changes they make would still be running under the original authors DB account.

 

Either way, huge risk for any org.

MattB
Alteryx Alumni (Retired)
Status changed to: Under Review

Thanks @ghansen3 and @BDS for sharing this great point about changing the default. We are very interested to hear how many more customers would like to see this default changed. I have captured this request so that we can keep it on our radar to possibly fit into a future product release.  Please keep the great feedback coming!

ChadM
Alteryx Alumni (Retired)

@MattB, any update on this on the Products side? 

MattB
Alteryx Alumni (Retired)

While we wait to make this change in the product, there is an unsupported registry change that may work. As with all registry changes, please understand there is a risk involved.  To change the default to "Encrypt for User", please close Designer and create the following registry key.

 

Location: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SRC\Alteryx]

Name: UserEncryption

Type: REG_SZ (String value)

Data (value): TRUE

 

If you want to move forward with this change, please engage IT to safely roll this registry change out to Designer users.

 

@ghansen3 @ChadM @BDS

KylieF
Alteryx Community Team
Alteryx Community Team
Status changed to: Implemented

Thank you for posting to the Alteryx Community!

 

I'm updating this idea to Implemented as the default for password encryption was updated to 'Encrypt by User' in a previous version.