SQL Developer Security: Save Password & XML connection file
649442Sep 16 2008 — edited Sep 16 2008Hello all -
Does any know how to turn off the save password feature in version 1.5.1? I ran a test where if the basic connection set-up is used to connect to the database from a local machine and the save password is enabled, the password is saved as encypted on the local machine. That's fine, BUT the connection XML file doesn't care where it's located, so someone can swipe the connection XML file and use the file on another machine using the SAVED id and password. This is a huge risk for people managing or developing in databases containing condidential or sensitive data.
Has anyone else encountered this issue? Any workarounds you'd like to share?