Security

How we handle your credentials

DBEverywhere connects to your database on your behalf. That means your credentials pass through our server. Here's exactly what happens to them, with no marketing spin.

We don't store your password by default

When you connect to a database, your credentials are held in memory for the duration of your session. When the session ends — whether you close it, it times out, or you log out — your credentials are wiped. They are never written to disk unless you explicitly choose to save a connection.

Credential lifecycle

Default: session-only credentials

You type your host, username, and password. We pass them to phpMyAdmin or Adminer via a one-time signon token. The token file is deleted immediately after use. Your credentials live in a temporary session store and are automatically blanked when the session expires.

Opt-in: saved connections (paid tier)

If you choose to save a connection, the host, username, password, database name, and any SSH credentials are encrypted at rest using AES-256-GCM before being written to the database. The encryption key is stored separately from the database. We can only decrypt your credentials when you ask us to connect.

AES-256 is classified as quantum-resistant by NIST. The best known quantum attack (Grover's algorithm) reduces its effective strength to 128-bit — still computationally infeasible. Unlike RSA and ECC, which will need to be replaced as quantum computing matures, AES-256-GCM requires no future migration. Your saved credentials are protected against both current and foreseeable threats.

Session cleanup

A background worker runs every 60 seconds. It finds expired sessions and blanks their stored credentials. Stale token files are deleted. Session records are kept (without credentials) for your session history.

What we can't see

phpMyAdmin and Adminer connect directly to your database. Your queries, your data, and your results flow between the tool and your database — we are the proxy, not the endpoint. We don't log queries, inspect results, or store any of your actual data. We see connection metadata (which host, which port, when you connected) but not what you do inside the session.

Network security

  • HTTPS everywhere. All browser traffic is encrypted with TLS, enforced by Caddy with auto-provisioned Let's Encrypt certificates.
  • TLS database connections. We connect to your database over TLS where supported by the remote server.
  • SSRF protection. Connection targets are validated — we block connections to private and reserved IP ranges to prevent abuse.
  • CSRF protection. All state-changing requests require a valid token to prevent cross-site request forgery.
  • Rate limiting. Endpoints are rate-limited to prevent brute force and abuse.
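
The SSRF check described in the list above, as an added example (not DBEverywhere's own code): it resolves the target name and rejects it if any resulting address is private, loopback, link-local, reserved, or an IPv4-mapped IPv6 form of one. The function names, the Python standard-library approach, and the sample DNS table are assumptions made for illustration.

```python
import ipaddress
import socket

def resolve(host, port):
    """Default resolver: every address (A and AAAA) the name maps to."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def is_public(addr_text):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr_text.split("%")[0])  # drop IPv6 zone id
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so the IPv4 rules apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

def validate_target(host, port, resolver=resolve):
    """Return the vetted addresses for host, or raise ValueError."""
    try:
        addrs = resolver(host, port)
    except OSError as exc:
        raise ValueError(f"cannot resolve {host!r}") from exc
    if not addrs:
        raise ValueError(f"{host!r} has no addresses")
    # Reject if ANY record is non-public: a name with mixed records could
    # otherwise pass the check on one address and connect to another.
    for addr in addrs:
        if not is_public(addr):
            raise ValueError(f"{host!r} resolves to blocked address {addr}")
    return addrs  # connect to one of these, not to the hostname again

# Constructed sample data standing in for DNS answers (not real hosts).
SAMPLE_DNS = {
    "db.example.com": ["93.184.216.34"],
    "mixed.example.com": ["93.184.216.34", "10.0.0.5"],
    "mapped.example.com": ["::ffff:127.0.0.1"],
    "metadata.example.com": ["169.254.169.254"],
}

def sample_resolver(host, port):
    return SAMPLE_DNS[host]

if __name__ == "__main__":
    for name in SAMPLE_DNS:
        try:
            print(name, "->", validate_target(name, 3306, sample_resolver))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

Connecting to the returned address instead of re-resolving the hostname keeps the address that was checked and the address that is used identical.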

You control access

DBEverywhere connects from a single static IP address. You whitelist this IP in your database firewall. You can revoke it in 10 seconds.

This means you decide when we can reach your database and when we can't. Unlike a desktop tool on a compromised laptop, there's one point of access and you fully control it.

See our IP whitelisting guide for step-by-step setup on DigitalOcean, Hetzner, AWS RDS, and more.

Session timeouts

Sessions are time-limited and automatically cleaned up:

Free tier timeout: 1 hour

Paid tier timeout: 8 hours

When a session expires, credentials are blanked from the session store. You can also end any session manually from your dashboard at any time.

What if DBEverywhere gets compromised?

We designed for this scenario. If an attacker gains access to our server:

  • No default credential storage — if you haven't saved a connection, there are no credentials to steal. Expired session credentials are already blanked.
  • Encrypted saved connections — saved credentials are encrypted with AES-256-GCM. The encryption key is stored separately. A database dump alone is not enough.
  • You can cut access instantly — remove our IP from your database firewall and we can no longer reach your database, regardless of what credentials exist on our end.

The worst case for most users (who don't save credentials) is that an active session's temporary credentials could be exposed during the session window. Once the session expires, there's nothing left.

Summary

Default credential storage: Session memory only, blanked on expiry
Saved connection encryption: AES-256-GCM (quantum-resistant), key stored separately
Transport encryption: HTTPS (TLS) on all browser traffic
Database connections: TLS where supported by remote server
Access control: Static IP whitelisting, user-revocable
Session timeouts: 1 hour (free) / 8 hours (paid), auto-cleanup
Query logging: None. We don't see or store your queries or data.

Questions about security? Reach us at security@dbeverywhere.com
