After some hours, i finally found Toad encrypt password in CONNECTIONPWD.ini file with AES encryption.
They use a key which is different on each computer. (I don’t know if i can say.)
So i would like to encrypt my own CONNECTIONPWD.ini, i already made a CONNECTIONS.ini file with a small Java program which get all connect which i need from DB, and build a txt file.
But after i need to type each password.
so i would like to encrypt all password directly in the file.
But i don’t know exactly algorithm. I know the website http://user.talkingbyte.com can do that in reverse mode.
So Toad team an answer me and give me some tips to encode my password in the file.
I use Java program and cipher encryption but no success for this time…
I have lots of connections to my customer, and i need to make my own CONNECTIONSxxx files.
Because the DB increase each week with new connection, change server, etc…
And so i need to generate in auto the file for Toad.
And i cannot encrypt password…
I can give the file without password, but after i need to check the password for the connection, and type manually…
It basically comes down to security. There are many, many, many security requirements across many industries that dictate how password information is saved (if it can be saved at all). The key common requirement is that you can’t give passwords “en masse” to another person so our implementation of that requirement is to tie the encryption to the user. We also can’t publish the algorithm that is used to do the encryption. TalkingByte has basically illegally hacked Toad but since he is based in Australia, there is nothing we can legally do to him. Although it can be an inconvenience in scenarios such as yours, security concerns have really come to the forefront and as a software provider, we need to be very cognizant of these needs from our customers.
OK thanks your for your answer.
So in the future, Quest could make a feature to import a base with password ? SQLDevelopper did that but it ask the key during the import.
Subject: RE: [Toad for Oracle - Discussion Forum] Please let us encrypt our password
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
As you can divulgue anything about your algorithm. Can you add a feature to add an xml with many connection, and with the password in clear text in a special field ?
It will be great…
You may add your suggestion to the Idea Pond but it is unlikely that a feature similar to this will be added as it decreases the security of the product.
Toad does provide the option of passing connections in via the command line though. Below is a snippet from the help documentation.
Thanks for this advice. It seems new, because i didn’t find before. The new connection is launched in the same instance or a new instance of Toad ? I mean if i use URL each time , i will have 10 Toad.exe process ?
I mean if i use URL each time , i will have 10 Toad.exe process ?
Yes, it will create a new instance of Toad each time you reference it from the command line. You can however pass multiple connections into the product as once which will only create the single instanceof Toad.exe. An example of this would look something like...
Again, unfortunately we won't be able to share details around encryption.
You're able to include your suggestion around importing plain text passwords into the idea pond to see if others would also be interested in this feature.
I asked this 4 years ago.
Now it's possible to import with secret password, but it's useless....
I need to import from external, the first time...
Either you let the encryption, or a tool/script to encode easily.
Or you authorize to import the first time with clear password.... Why this is not possible ?
