RFE: Add user defined master password for stored passwords in Aliases

[t603]

Hello,

since few versions ago, there has been added checkbox "Save password encrypted" in Alias definition. This is great security improvement.

But, and I do not want to write details in public board, it is not secure as could be. So my thought is: What about to enable by checkbox in Global Preferences, to add "user defined" one master password (instead of current situation), which would be used for encryption of all stored passwords in Aliases? Maybe the same password could be used for encryption of SQL History (which is in plain text now) also. And this "user defined" password will not be stored anywhere but only in memory.

Currently I never store any Alias password, so I can live without this RFE, but I could imagine, this RFE could increase security to such level, that storing passwords would be enough safe for me.

Thank You in advance, Stepan

P. S.: SQuirreL SQL 5.0.0 is full of so many great features and all they work well, thank You for it!

[t603]

And for this "master" password should be the user asked (prompted) in the first usage of any stored password or at startup of SQuirreL SQL (if "master" password will be enabled in Global properties).

[gerdwagner]

The following was implemented an will be available in future snapshots an versions:

Excerpt from change log:

#73
Security: Introduced option to use a key password for encrypting Alias passwords.
When a key password is used SQuirreL can decrypt Alias-passwords only after the key password was entered.
SQuirreL stores the key password in memory only. As a consequence the key password must be entered
after SQuirreL was started and before an Alias, that uses password encryption, can be connected to.
See menu File --> "Alias password encryption security ..."
Although this feature increases security still note: For maximum security do not save passwords in Aliases.

[t603]

Hello,

I tried quite many different use cases and an implementation works very good and makes a sense in every time. It is voluntary feature, so it is solely up to user to use it or not. I have to use it, so I will use it. Nice feature is a backup before enabling this feature.

Together with Modify multiple Aliases it is great way, how to manage passwords efficiently (if one does not edit XML directly).

Thank You very much for implementing this feature, Stepan

[gerdwagner]

Thanks for testing and for your feedback, Stepan.