We’ll consider this for future releases.
Also setting up username and password for importing/syncing should be possible via script.
Thanks a lot!
I respectfully disagree. Passwords should never, ever be set in clear text in a script. Did I say never?
You presumably want to encrypt your database to protect them from unauthorized access. Which, in your scenario, implies that someone might have access to your machine (how else would they be able to get at your databases). Which, in turn, means that they can read your scripts. Containing passwords? So, your scenario is that an authorized person is intelligent enough to find your databases, but too stupid to read your scripts? Seriously?
To reiterate: Never store your password in a script. Not in DT, not in Python, not in AppleScript. Never. I’d actually prefer no password “protection” at all. Instead, certificates, hardware keys, anything that is more difficult to guess and steal.
You’re right, of course, but it’s also possible to prompt for the name and password…
First off, I’m not sure what these “encrypted” databases really are. The manual says
Encrypted Databases: If you have databases containing sensitive or private information, you can create an encrypted database. This is specialized AES-256 encrypted disk image that will not appear in the Finder or your desktop when it’s open.
But @BLUEFROG stated that a password protected database is not encrypted:
Regardless: I’d still rather use some hardware protection than a password, if I had to. Passwords can be brute-forced or guessed.
To clarify… there are three ways to protect the database or sync:
-
Encrypted database (AES-256 encrypted disk image > .dtSparse): The database is fully encrypted on local disk on a dmg-Volume. Without the password you cannot open the database.
-
Password protection for importing (set up in database properties): Asks for name and password if you want to import the database from sync location. Without the credentials you cannot import a database from a sync location.
-
Encryption with password protection for sync location itself (set up in sync location settings): Protects the sync location itself. Without the password you cannot join to a existing sync location.
1 Like