Taking care about database credentials can be really important. Database passwords need to be processed without risk of getting lost or shared. At the same time database password should not be asked on each database operation, such kind of password prompts could become annoying for applications constantly interacting with a database. This section describes how the application handles credentials, when passwords are saved or not and when saved passwords are encrypted or not. This can provide you with an understanding of how an application is using credentials and what options can be safe enough and convenient at the same time for your environment.
'Open database(s)' dialog is used to ask you for a database credentials. Once you click OK, these credentials are sitting in the application memory (not on the disk) and used each time you connect to the database. If your application instance already had some other database pair opened and if you have 'Open new application instance' option enabled by default or used during the database open, then your credentials will be passed in the encrypted way as a command line arguments to the new application instance.
When you open a database, database credentials can be saved in the application settings file, this information is used to reopen the database from the Recent database list. If you have chosen 'Save passwords' during the database open, then the encrypted password is saved in the settings file. Otherwise 'recent databases' item will keep only user and password will be asked again when you open the database from the Recent list. If you don't want this information to be stored in the Recent database list then you can remove corresponding Recent databases list item after database open.
Before implementation of 'Recent databases', these files were used to avoid password entry when connecting to the same database multiple times. Today these files still can be used to simplify work with databases. Passwords in that files can be saved explicitly or in an encrypted way. Recent database items for such connection keep only path to msdbs files, without passwords.
Application can accept database passwords by command line, either explicitly if specified by the user, or in an encrypted way if the database is connected using the 'new application instance' option.
Application can accept database connection settings as a connection string. 'Open database(s)' dialog has an option 'fill from conn. str. in clipboard' - it just parses connection string from clipboard and puts parsed values to corresponding dialog fields, including password. Home tab panel has 'Open database from connection string in clipboard'. In this case credentials are processed the same way as you would open 'Open database(s)' dialog, clicked 'fill from conn. str. in clipboard' and then OK. If 'Save password' was enabled during the last time you were opening a database using 'Open database(s)' dialog, then the encrypted password will be saved in the Recent databases list.
Last updated: 2023-12-01
