Security

Hello there!
At first I want to say that HeidySQL is great, really great.
I have one question - where are stored saved passwords ? I want to know it because of security reason ..

Registry:
HKEY_CURRENT_USER\Software\HeidiSQL\Servers\[Your session name]\Password

The password value is encrypted using a homebrown obscure method, which is not very strong but should be good enough to have it not hacked in 5 seconds.

Thank you for answer. I'm affraid that it's not very secure way.. Have you ever think about storing password encrypted by for example "AES Crypt" and protect them with master password ?

Not yet. As I don't have a clue how to accomplish that using Delphi.

Hello Ansgar,

Is Heidisql still storing passwords using homebrown obscure method? If something changed, how stored pawwords are encrypted?What method or algorith is used?

The old encryption is still being used in v12.0.

I recommend to use the "Prompt for credentials" option for sensitive servers.

Any timeline to improve it, please?

Is there any way to enforce "prompt credentials"? How can we delete the existing credentials without tampering the registry?

You can clear the credentials first, in the session manager. Then activate the prompt checkbox.