Toad World® Forums

Please let us encrypt our password


#1

Hello,

After some hours, i finally found Toad encrypt password in CONNECTIONPWD.ini file with AES encryption.

They use a key which is different on each computer. (I don’t know if i can say.)

So i would like to encrypt my own CONNECTIONPWD.ini, i already made a CONNECTIONS.ini file with a small Java program which get all connect which i need from DB, and build a txt file.
But after i need to type each password.

so i would like to encrypt all password directly in the file.

But i don’t know exactly algorithm. I know the website http://user.talkingbyte.com can do that in reverse mode.

So Toad team an answer me and give me some tips to encode my password in the file.

I use Java program and cipher encryption but no success for this time…

Thanks in advance


#2

Why do you need that? Please xplain.

Have you tried to use that WEB site and get really open passwords?
:slight_smile:


#3

I don’t need clear text password.

I need encrypt my password.

I have lots of connections to my customer, and i need to make my own CONNECTIONSxxx files.
Because the DB increase each week with new connection, change server, etc…

And so i need to generate in auto the file for Toad.

And i cannot encrypt password…

I can give the file without password, but after i need to check the password for the connection, and type manually…

Do you understand ?


#4

Update ?


#5

It basically comes down to security. There are many, many, many security requirements across many industries that dictate how password information is saved (if it can be saved at all). The key common requirement is that you can’t give passwords “en masse” to another person so our implementation of that requirement is to tie the encryption to the user. We also can’t publish the algorithm that is used to do the encryption. TalkingByte has basically illegally hacked Toad but since he is based in Australia, there is nothing we can legally do to him. Although it can be an inconvenience in scenarios such as yours, security concerns have really come to the forefront and as a software provider, we need to be very cognizant of these needs from our customers.


#6

OK thanks your for your answer.
So in the future, Quest could make a feature to import a base with password ? SQLDevelopper did that but it ask the key during the import.


#7

It seems the export have changed in last version.
It’s an XML, and the password is just encrypt in Password Segment.


#8

Can i know if the encryption is same ? Or if it changed.

I always need to generate my XML file with connection from a database.


#9

As I said in a previous reply, we cannot divulge anything about our algorithm due to security concerns from customers.

From: ordimans bounce-ordimans@toadworld.com

Reply-To: "toadoracle@toadworld.com" toadoracle@toadworld.com

Date: Friday, March 30, 2018 at 6:08 PM

To: "toadoracle@toadworld.com" toadoracle@toadworld.com

Subject: RE: [Toad for Oracle - Discussion Forum] Please let us encrypt our password

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

** RE: Please let us encrypt our password**

Reply by ordimans

Can i know if the encryption is same ? Or if it changed.

I always need to generate my XML file with connection from a database.

To reply, please reply-all to this email.

Stop receiving emails
on this subject.

Or Unsubscribe from Toad for Oracle Forum
notifications altogether.

Toad for Oracle - Discussion Forum

Flag
this post as spam/abuse.


#10

In the last version, the password is for each connection in :

zkKLfcWTnLx6ZTD4m3IGqzXgOrtJ4WAEkbmB3w==

I need to generate my own xml from database…

No solution to import connection from mass data


#11

As you can divulgue anything about your algorithm. Can you add a feature to add an xml with many connection, and with the password in clear text in a special field ?
It will be great…


#12

You may add your suggestion to the Idea Pond but it is unlikely that a feature similar to this will be added as it decreases the security of the product.

Toad does provide the option of passing connections in via the command line though. Below is a snippet from the help documentation.


#13

Thanks for this advice. It seems new, because i didn’t find before. The new connection is launched in the same instance or a new instance of Toad ? I mean if i use URL each time , i will have 10 Toad.exe process ?


#14

I mean if i use URL each time , i will have 10 Toad.exe process ?

Yes, it will create a new instance of Toad each time you reference it from the command line. You can however pass multiple connections into the product as once which will only create the single instanceof Toad.exe. An example of this would look something like…

Toad.exe -c schema/password@db "schema2/password@db" "schema3/password@db"

#15

Thanks.

Don’t want to launch new instance each time.
And don’t want connect to all instance at the startup…

4000 connections added by XML (without password), it’s smooth. Congratulations to Quest, because it’s not the case with others software…