|Re: [dtp-dev] BZ Bug 163502 - db connection password is stored in clear text|
HiI vote to have the field removed and leave the implementation of capturing that info to the DTP extender.
Anthos On 06/02/2007, at 6:03 AM, rcernich@xxxxxxxxxx wrote:
Hey all,https://bugs.eclipse.org/bugs/show_bug.cgi?id=163502 We are considering a solution to this bug but would like to get some feedback before implementing it. The problem is that the driver template, which can specify user ID and password defaults, is specified in plugin.xml and unencrypted. The two options that are being floated around are: 1) Suggest that people not include the default password as a property in their driver template, since it is not encrypted. 2) In the Driver Edit dialog, where the driver template properties are listed with their defaults, we should remove the masking for the password property to show more clearly that it is unencrypted. What do you think about removing the masking of the password for driver definitions? The encryption and password masking would stay in place for profiles, which are minimally encrypted at this point. But we would show the password (if included) for driver templates in plaintext.I think it's important to point out that this information is used solely for initializing fields in the new connection profile wizard. The initial use case was to have these values (UID/PWD) defaulted to well known (i.e. documented) values. For example, the uid/pwd for a sample DB included aspart of the install; or, less likely, the default admin uid/pwd for aserver (e.g. "sa"/"" for ASE). It was not intended for specifying specific credentials for a specific user (although it can be, which I think is partof the problem).Anyway, my vote would be to remove the password field. If this isn't the"winning" proposition, I think the property name should be changed to "Default password" (as should the other properties in the driver definition; i.e. they should be prefixed with "default"). Rob _______________________________________________ dtp-dev mailing list dtp-dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/dtp-dev
Back to the top