Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[dtp-dev] BZ Bug 163502 - db connection password is stored in clear text

Hi all...
 
https://bugs.eclipse.org/bugs/show_bug.cgi?id=163502
 
We are considering a solution to this bug but would like to get some feedback before implementing it. The problem is that the driver template, which can specify user ID and password defaults, is specified in plugin.xml and unencrypted. The two options that are being floated around are:
 
1) Suggest that people not include the default password as a property in their driver template, since it is not encrypted.
 
2) In the Driver Edit dialog, where the driver template properties are listed with their defaults, we should remove the masking for the password property to show more clearly that it is unencrypted.
 
What do you think about removing the masking of the password for driver definitions? The encryption and password masking would stay in place for profiles, which are minimally encrypted at this point. But we would show the password (if included) for driver templates in plaintext.
 
Thanks in advance.
--Brian Fitzpatrick
   Sr. Software Engineer/DTP Committer
   Sybase, Inc.

Back to the top