Security
ElyraSQL Client is designed so that your data and credentials stay under your control.
Credentials
- Connection passwords are stored in the OS keychain — macOS Keychain, Windows Credential Manager, or the Linux Secret Service — and are never written to disk in cleartext.
- Removing a connection also deletes its keychain entry.
Where queries run
- Queries execute in the Rust core; the UI (webview) only receives results.
- The core reads credentials from the keychain and opens connections on demand.
Safety rails
- Destructive actions preview their SQL (inline edits, table designer, truncate/drop) and require confirmation before running.
- Read-only connections refuse writes and DDL.
- Production connections require an explicit confirmation for writes and draw a red window frame.
- The client only ever narrows access — the server's own privileges always apply.
Transport
- TLS is used opportunistically, and can be required per connection.
Licensing privacy
License validation sends only your key, the app name/version and an opaque per-install id to elyracode.com. No database contents are transmitted. See Editions & Licensing.
Reporting a vulnerability
Please report privately — see the repository's SECURITY.md. Do not open a
public issue for security reports.