Is There A Way To Prevent Users From Saving Passwords In Sqlyog?

[glogrl]

Hello Everyone,

I apologize in advance if this question was previously asked and answered. I am new to sqlyog and am looking to make sure that it is compliant with our organizational security requirements, one of which is to encrypt any passwords that are stored locally. I know that the tool currently can't do that so I'm wondering if there is a way to gerry rig the client (via some registry entry or something) so that users don't have the option to store their passwords…..

Any advice/suggestions/etc are appreciated.

Thanks!

Glogrl

[peterlaursen]

“.. encrypt any passwords that are stored locally. I know that the tool currently can't do that”. Well – we 'obfuscate' the password in sqlyog.ini (but not in SJA jobfiles currently). User will not be able to see the password in plain text.

” .. so that users don't have the option to store their passwords” .. well users can store any password locally but if they do not have UPDATE privilege to the mysql.user table on the server they cannot change their password – and will not be able to connect if they do stroe locally.  It is the server admin that should take care of this. I believe you do not really understand the MySQL privilege system like described here: http://dev.mysql.com/doc/refman/5.1/en/privilege-system.html

Passwords are server settings – not client setting.  GRANT privileges for users to what databases they need – and not the 'mysql' database. And even if you GRANT SELECT privilege for users (what is required in few situations) to mysql.users table it will still be hashed and not visible in plain text. 

[Author]

Posts