What is the exact risk of saving credentials within the data source?

What is the exact risk of saving credentials within the data source?

book

Article ID: KB0075826

calendar_today

Updated On:

Products Versions
Spotfire Server 7.5 and higher

Description

When saving credentials with the connection data source, the credentials are stored in plain text and its therefore a security risk. The resolution section explains how the unencrypted credentials can be seen.

Issue/Introduction

This article will help you understand the risk of saving credentials within the data source connection

Resolution

If the data connection is saved in the library with the option "Yes, save credentials with the connection data source" selected, the credentials are embedded in the data connection.

User-added image

When the data connection is exported from library, using Tools==>Library Administration==>Export, the exported file goes to "<Spotfire Server Installation Directory>\tibco\tss\<version>\tomcat\application-data\library". This exported zip file when unzipped, will have a file in it with a random id and this file will have the unencrypted data connection credentials in it. So, anyone having access to this path on Spotfire server will be able to see the unencrypted data connection credentials.

Additional Information

Doc: Database Credentials for Connectors​​​