4.2 Beta1 Sqlyog.ini

[sdozono]

I tested 4.2 BETA 1.

at sqlyog.ini

[Connection 1]

[Connection 2]

[Connection 3]

Passwords are encrypted.

But,

[DATASYNC]

TgtPwd= ** ORIGINAL PASSWORD **

Do you have any reason for this?

Thanks in advance!

🙄

[Ritesh]

This is very strange as we dont keep passwords for any wizards in sqlyog.ini. If you open up the wizard again, you will see that all the fields keep their last values except the password.

I have forwarded it to my development team.

BTW, we keep the password in plain text in the XML job file.

[peterlaursen]

This reminds me …

There is an old user request pending that it should be an option NOT to fetch the password into Connections Manager. When more people use the same PC it is not much help that PWs are encrypted in the .ini file as long as anybody just can run the SQLyog program and choose a connection from the drop-down box.

That option (the option NOT to fetch the password into Connections Manager) should be protected with a “master password”, that also should be encrypted).

Security experts may be able to propose a better and more safe solution …

The unencrypted PW in XML-job-files are acceptable. Users can store their jobfiles in a protected area on disk. Several ways to do that.

[peterlaursen]

And here comes a question that is also security related.

When SJA is running from a NT-based Client (NT, 2K or XP), I think there is no need that any user should be logged on. The scheduler is a service in the OS, and runs even if no user is logged on. The scheduled job must then run with “System” privileges. In that case the computer executing SJA must be turned on and just showing the logon screen. That is similar to the normal use of computers having Network Admin Software installed. You log out when you leave it!

Anybody tried that with the SJA?

I can research on it myself, but no need to if anybody knows the answer allready!

[Ritesh]

peterlaursen wrote on Sep 13 2005, 11:35 AM:

This reminds me …

There is an old user request pending that it should be an option NOT to fetch the password into Connections Manager.  When more people use the same PC it is not much help that PWs are encrypted in the .ini file as long as anybody just can run the SQLyog program and choose a connection from the drop-down box.

[post=”7145″]<{POST_SNAPBACK}>[/post]

This is already in the TO-DO list of SQLyog. We plan to fix it in v4.4 or v4.5.

[Ritesh]

peterlaursen wrote on Sep 13 2005, 12:37 PM:

And here comes a question that is also security related.

When SJA is running from a NT-based Client (NT, 2K or XP), I think there is no need that any user should be logged on.  The scheduler is a service in the OS, and runs even if no user is logged on.  The scheduled job must then run with “System” privileges.  In that case the computer executing SJA must be turned on and just showing the logon screen.  That is similar to the normal use of computers having Network Admin Software installed.  You log out when you leave it!

Anybody tried that with the SJA?

I can research on it myself, but no need to if anybody knows the answer allready!

[post=”7146″]<{POST_SNAPBACK}>[/post]

Using Windows Task scheduler, you can set all of these options. Once SQLyog creates the task you can configure the options that you want 😀

[Ritesh]

sdozono wrote on Sep 13 2005, 03:17 AM:

[DATASYNC]

TgtPwd= ** ORIGINAL PASSWORD **

Do you have any reason for this?

Thanks in advance!

🙄

[post=”7141″]<{POST_SNAPBACK}>[/post]

Bug confirmed and fixed in v4.2 BETA 2 development tree.

[peterlaursen]

Quote:

Using Windows Task scheduler, you can set all of these options. Once SQLyog creates the task you can configure the options that you want

Actually I am becoming a little bit confused now!

This question: http://www.webyog.com/forums/index.php?sho…7197&#entry7197 made me research a little bit more.

This MS document http://support.microsoft.com/?kbid=223375 says

“This issue occurs because you cannot configure a task to use the System account using the Scheduled Tasks Wizard.”

Actually I can! See attached picture.

the Danish text “Kør kun … ” means “run only when a user is logged on”

If I uncheck this a request for PW pops up. However I can cancel this PW-request, and the job runs! (with “NT_AUTHORITYSYSTEM” privileges)

Anybody knows if this is changed from 2K to XP ?

[Author]

Posts