Bug #63499 Login dialog constantly pops up
Submitted: 30 Nov 2011 7:08 Modified: 23 Dec 2011 21:00
Reporter: a b Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Workbench Severity:S2 (Serious)
Version: OS:Windows
Assigned to: CPU Architecture:Any

[30 Nov 2011 7:08] a b
Description:
The login/password dialog in Workbench constantly pops up every 5-10 minutes, regardless of whether any action is performed. This happens even when the Workbench isn't even focused, and regardless of any settings regarding timeouts and keep-alives. The only apparent work-around is to save the password in the insecure "vault", which is not an option for critical password such as root passwords.

This in itself is not a severe issue, but the login dialog also pops up as "always on top" - a property which should be reserved for critical "deal with this or get a blue screen" notifications. A criteria a client-side login certainly doesn't fit. This causes it to obscure all other programs, even if the Workbench was actually just idle in the background. This can severely harm work-flow in other, potentially more time-critical, programs.

What more, the value of this pop up is questionable, considering any subsequent query still requires inputting the password anyway.

How to repeat:
Connect to a database, and do not save the password in the "vault". Switch to another program and wait a few minutes.

Suggested fix:
One or more of the following can be done to fix this, although it is recommended to do all:
1. Do not open the log-in pop up on idle-task, only on user-generated actions, such as making a query. Let the connection die otherwise.
2. Add an option for 1.
3. Allow setting idle tasks activity in general, making them more transparent to the user.
4. Unset "always on top" from the dialog. A modal dialog already appears in front of its parent, always. The "always on top" flag is reserved for critical notifications by the operating system or real-time services, not for a client-side application.
5. Allow actual protection in the "vault" through a master password, instead of simply storing a potentially critical password.
[10 Dec 2011 14:41] Valeriy Kravchuk
What exact version of Workbench, 5.2.x, do you use?
[11 Dec 2011 7:17] a b
I have recently upgraded to 5.2.36 rev 8542, and the problem persists, although the frequency appears to have changed slightly.

I'll admit I am significantly more bothered by the fact that it pops up as "always on top" and cannot be dismissed for more than a few minutes without shutting down the whole program, then merely by the fact that it pops up. Workbench is not the only program I use at a given time, yet it constantly demands attention even when it's not doing anything useful, or at all.

If I could at least minimize the pop-up, that would be helpful too.
[12 Dec 2011 23:17] MySQL Verification Team
I couldn't repeat on Windows 7 64-bit, waiting more than 1 hour. Maybe there is a specific configuration which allows to repeat.
[13 Dec 2011 7:07] a b
Are you sure you tried without saving your password in the "vault"?
It could also be forced connection timeout on the server.

I don't mind if the connection is lost and I have to input the password again the next query. I do mind if the pop up appears over other programs while the workbench is idle.

This issue has made the Workbench unusable for me. In the mean time, I've been using the old Query Browser, which works perfectly fine, aside from a few minor flaws.
[13 Dec 2011 13:33] Mike Lischke
I cannot repeat the frequent popups, no idea where this comes from. However, the behavior of the dialog to stay above all applications is really annoying, so I fixed this for the next release.

A side note about security: the password vault on Windows is as safe as you can get it. Only the user who created it can decrypt it, so not even opening it with another account (let alone copying it to another machine) would allow to access the passwords. The encryption is done using Windows APIs, so that should be safe.
[13 Dec 2011 13:56] a b
I'm glad at least the pop up will be opened in the background, so I will at least be able to use Workbench starting with the next version.

A suggestion for recreating the idle-time pop-up: Try connecting to a remote database, then unplugging the Ethernet cable. See if this causes the pop-up to appear. Alternately, try to force the SQL to return "server has gone away" using any method you prefer.

As for the Windows API vault, I wouldn't trust it as far as I can throw it. I keep my passwords in an AES-encrypted file that is protected with a very long master password.
[23 Dec 2011 21:00] Philip Olson
Fixed as of 5.2.37:

The password prompt dialog is no longer the topmost window over
all open applications on a system, but now it's only the topmost
Workbench window.