Re: [dtp-dev] BZ Bug 163502 - db connection password is stored in clear

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [dtp-dev] BZ Bug 163502 - db connection password is stored in clear text

From: Anil T Samuel <anil.samuel@xxxxxxxxxx>
Date: Tue, 6 Feb 2007 08:47:03 +1100
Delivered-to: dtp-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/listinfo/dtp-dev>
List-help: <mailto:dtp-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/dtp-dev>, <mailto:dtp-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/dtp-dev>, <mailto:dtp-dev-request@eclipse.org?subject=unsubscribe>

Hi

I vote to have the field removed and leave the implementation ofcapturing that info to the DTP extender.


Anthos
On 06/02/2007, at 6:03 AM, rcernich@xxxxxxxxxx wrote:

Hey all,

https://bugs.eclipse.org/bugs/show_bug.cgi?id=163502

We are considering a solution to this bug but would like to get some
feedback before implementing it. The problem is that the driver
template, which can specify user ID and password defaults, is
specified in plugin.xml and unencrypted. The two options that are
being floated around are:

1) Suggest that people not include the default password as a
property in their driver template, since it is not encrypted.

2) In the Driver Edit dialog, where the driver template properties
are listed with their defaults, we should remove the masking for the
password property to show more clearly that it is unencrypted.

What do you think about removing the masking of the password for
driver definitions? The encryption and password masking would stay
in place for profiles, which are minimally encrypted at this point.
But we would show the password (if included) for driver templates in
plaintext.

I think it's important to point out that this information is usedsolelyfor initializing fields in the new connection profile wizard. Theinitialuse case was to have these values (UID/PWD) defaulted to well known(i.e.documented) values. For example, the uid/pwd for a sample DBincluded as

part of the install; or, less likely, the default admin uid/pwd for a

server (e.g. "sa"/"" for ASE). It was not intended for specifyingspecificcredentials for a specific user (although it can be, which I thinkis part

of the problem).

Anyway, my vote would be to remove the password field. If thisisn't the

"winning" proposition, I think the property name should be changed to
"Default password" (as should the other properties in the driver
definition; i.e. they should be prefixed with "default").

Rob

_______________________________________________
dtp-dev mailing list
dtp-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/dtp-dev

References:
- Re: [dtp-dev] BZ Bug 163502 - db connection password is stored in clear text
  - From: rcernich

Prev by Date: [dtp-dev] DbUnit Integration for DTP in Europa
Next by Date: [dtp-dev] DTP Connectivity Committers' Meeting Minutes
Previous by thread: Re: [dtp-dev] BZ Bug 163502 - db connection password is stored in clear text
Next by thread: [dtp-dev] DbUnit Integration for DTP in Europa
Index(es):
- Date
- Thread

Breadcrumbs