Generate encrypted password

This window is invoked from the Data Display window (Tools > Generate Encrypted Password).

This feature was introduced in conjunction with Batch Mode operation of AQT, in which you need to specify Connect statements in your batch scripts to sign onto the database you wish to run your script against. If your database requires a userid and password to be specified, these will need to be coded in the script. This is a security risk - in our opinion, passwords should never be coded in clear text in scripts.

Our solution to this is to use encrypted passwords in your batch scripts. The procedure is to:

use the Generate Encrypted Password window to generate an encrypted password.
use this encrypted password in the your batch scripts. When coding a Connect function, you specify an encrypted password with the epwd parameter.

To use the Generate Encrypted Password window

Type your password into the Password textbox
AQT will encrypt the password and show the result to you in Encrypted Password
AQT will then also decrypt the encrypted password and show this in Decrypt Check. This is used to verify that the encryption and decryption are working correctly. The Decrypt Check should be the same as Password - if it is different there is some problem with the decryption.
Hit the Copy button to copy the Encrypted Password to the windows clipboard. This can then be pasted into an AQT script.

Note that there is a randomizer built into the encrypted password. The same password can produce different encrypted passwords if run more than once (this is to prevent the cracking of password by trial and error).

Who can use this password?

Three identity options are available:

When you select the default option (Anyone), any AQT user can use this encrypted password.

You may wish to adopt a higher level of security by selecting one of the other options. With these, AQT will encrypt the password with a system-generated key that is held in your registry.

For the option Anyone using this Machine, this key is held in the LOCAL_MACHINE part of the registry. This means that anybody logged onto your machine will be able to use this encrypted password.
Note: for the option Anyone using this Machine to work, you must have authority to update the LOCAL_MACHINE part of your registry. Some organization networks restrict access to this.
For the option Only myself, the key is held in the LOCAL_USER part of the registry. Only you, logged onto your machine, will be able to use this encrypted password.

If your machine is rebuilt, or the AQT registry entries are tampered with, the encrypted passwords will no longer work and will need to be regenerated.