Bug #50194 SSH Password not protected
Submitted: 8 Jan 2010 20:36    Modified: 24 Feb 2010 14:42
Reporter: Mike Frank
Status: Closed
Category: MySQL Workbench    Severity: S2 (Serious)
Version: 5.2    OS: Any
Assigned to: Alfredo Kojima    CPU Architecture: Any

[8 Jan 2010 20:36] Mike Frank
Description:
password needs to be encrypted.

How to repeat:
create connection that uses 
look at server_instances.xml

Suggested fix:
make this password encrypted 
and allow user not to store password 
request when connection is used.

ok to persist in memory for reuse.  Obfuscate this as well.

as a password "vault" - which this effectively is - should require a password to the vault to unencrypt passwords
or some other method of "authenticated" link to allow reading from encrypted form.
[9 Jan 2010 9:53] Valeriy Kravchuk
Indeed, password is stored in plain text in the file:

        <value type="string" key="ssh.password">test</value>
[2 Feb 2010 0:18] Alfredo Kojima
Following changes have been implemented:
- password is no longer stored in the connection XML file
- when a connection is opened, a password request dialog will pop up and request the password. The password can be optionally stored in the system keychain/vault/keyring.
- when editing a connection profile, you can also store the password to the system keychain.
- for compatibility, when WB starts it will look for passwords stored in the XML file. If anything is found, it will be removed from the XML file and automatically stored in the keychain. When WB quits, the connections file will be free from passwords.
[4 Feb 2010 16:15] Johannes Taxacher
fix/changes confirmed
[24 Feb 2010 14:42] Tony Bedford
A 'security fix' entry has been added to the 5.2.16 changelog:

Security Fix: Passwords were stored in plain text format in the file server_instances.xml.

To improve security MySQL Workbench has been changed in the following ways:

The password is no longer stored in the connection XML file.

When a connection is opened, a password request dialog is displayed and the password requested. The password can optionally be stored in the system keychain/vault/keyring.

When editing a connection profile, you can also store the password in the system keychain.

For compatibility, when MySQL Workbench starts it will look for passwords stored in the XML file. If any password is found, it will be removed from the XML file and automatically stored in the keychain. When MySQL Workbench exits, the connections file will be free from passwords.
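
The startup migration described in the changelog entry, as an added example (not MySQL Workbench's own code): any password found in the XML is handed to a secret store and then removed from the file. The `store_secret` callback, the sample XML structure and the `ssh.hostName`/`ssh.userName` keys are assumptions; only the `ssh.password` element comes from the report.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only the ssh.password <value> element comes from the
# report; the surrounding structure, hosts and users are assumptions.
SAMPLE_XML = """<data>
  <value type="dict" key="loginInfo">
    <value type="string" key="ssh.hostName">db1.example.org</value>
    <value type="string" key="ssh.userName">admin</value>
    <value type="string" key="ssh.password">test</value>
  </value>
  <value type="dict" key="loginInfo">
    <value type="string" key="ssh.hostName">db2.example.org</value>
    <value type="string" key="ssh.userName">backup</value>
    <value type="string" key="ssh.password"></value>
  </value>
</data>"""

PASSWORD_KEY = "ssh.password"  # key shown in the report


def migrate_passwords(xml_text, store_secret):
    """Move plaintext passwords out of the XML into a secret store.

    store_secret(host, user, password) is a hypothetical callback standing in
    for the system keychain/vault/keyring. Returns (scrubbed_xml, migrated).
    """
    root = ET.fromstring(xml_text)
    migrated = 0
    for parent in list(root.iter()):  # snapshot: the tree is edited below
        children = parent.findall("value")
        fields = {c.get("key"): (c.text or "") for c in children}
        for node in [c for c in children if c.get("key") == PASSWORD_KEY]:
            if (node.text or "").strip():
                # Store first: if the keychain write raises, nothing is
                # removed and the password is not lost.
                store_secret(fields.get("ssh.hostName", ""),
                             fields.get("ssh.userName", ""), node.text)
                migrated += 1
            parent.remove(node)  # empty password elements are dropped too
    return ET.tostring(root, encoding="unicode"), migrated


if __name__ == "__main__":
    vault = {}
    scrubbed, count = migrate_passwords(
        SAMPLE_XML, lambda h, u, p: vault.__setitem__((h, u), p))
    print(f"migrated {count}; password key left in file: {PASSWORD_KEY in scrubbed}")
```

Running the function a second time on its own output migrates nothing, which is the state the changelog describes after the first start.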