Missing database password detected
Last updated
Last updated
Rule ID: java_lang_empty_database_password
Applicable Languages: Java
Weakness ID: CWE-306
Leaving a database password empty exposes the database to unauthorized access and manipulation. Implementing strong authentication measures is crucial to safeguard database content.
Do not configure database servers without setting a password, as this leaves the database vulnerable to unauthorized access.
Adopt secure password management practices. Use a Key Management Service (KMS) to handle database passwords securely, ensuring they are not exposed in application code or configuration files.
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our