David Polasek

DB user password stored in unencrypted form

If the DB user password is filled in in the Edit Database Connection dialog, it is stored as plain text in the Ataccama DQ Analyzer 6\workspace\.metadata\.plugins\org.eclipse.core.runtime\.settings\cz.adastra.cif.gui.model.prefs file. This does not match some companies' security policies (including my employer's). At minimum, users should be warned that their password is exposed that way. The password is also accessible via Help - About Ataccama DQ Analyzer - Configuration Details.

  • Pavel Nejedly EMPLOYEE
    happy I’m thankful that you discovered the issue
    Hi David,
    thank you very much for pointing this out. In the final release, which is now available for download, we have implemented encryption for password information both in the UI settings and the runtime - so it shouldn't be possible to read the password just by looking at the configuration files.
    Password encryption is automatically turned on for all newly created database connections. If you are reusing DQ Analyzer workspace with configured connections from EA6 or a former build, choosing "Edit connection" from the context menu of a particular database node in Explorer will encrypt the password for that connection as well.
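
An audit for the exposure reported in this thread, added here as an example (it is not part of the thread and is not Ataccama's code): it walks the workspace's .settings directory and reports which preference entries hold a password-like value, without returning the value itself. The key names in the sample and the matching patterns are assumptions; only the directory and file name come from the report.

```python
import re
import tempfile
from pathlib import Path

# Location given in the report, relative to the workspace directory.
SETTINGS = Path(".metadata/.plugins/org.eclipse.core.runtime/.settings")
SECRET_KEY = re.compile(r"passw(or)?d|pwd|secret", re.I)      # heuristic (assumption)
SECRET_VALUE = re.compile(r"(passw(or)?d|pwd)\s*[=:]", re.I)  # e.g. inside a URL

# Constructed sample; the key names are hypothetical, not the product's own.
SAMPLE_PREFS = "\n".join([
    "eclipse.preferences.version=1",
    "db.connection.0.user=dq_reader",
    "db.connection.0.password=CONSTRUCTED-not-a-secret",
    r"db.connection.1.url=jdbc\:example\://db.invalid/dq?password\=CONSTRUCTED",
    "db.connection.2.password=",
])

def parse_prefs(text):
    """Yield (line_number, key, value) from key=value preference lines."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            yield lineno, key.strip(), value.strip()

def audit_workspace(workspace):
    """Return (file, line, key, where) per stored secret; values are never returned."""
    settings = Path(workspace) / SETTINGS
    findings = []
    for prefs in (sorted(settings.glob("*.prefs")) if settings.is_dir() else []):
        text = prefs.read_text(encoding="utf-8", errors="replace")
        for lineno, key, value in parse_prefs(text):
            if value and SECRET_KEY.search(key):
                findings.append((prefs.name, lineno, key, "key"))
            elif value and SECRET_VALUE.search(value.replace("\\", "")):  # undo \= \:
                findings.append((prefs.name, lineno, key, "value"))
    return findings

def write_sample_workspace(root):
    """Create the constructed sample under root and return root."""
    target = Path(root) / SETTINGS
    target.mkdir(parents=True)
    (target / "cz.adastra.cif.gui.model.prefs").write_text(SAMPLE_PREFS, encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit_workspace(write_sample_workspace(tmp)), sep="\n")
```

The check flags every non-empty password-like entry and cannot tell an encrypted value from a plaintext one, so after upgrading, each finding still needs a manual look at the file.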