# Missing database password detected

## Overview

* **Rule ID**: `java_lang_empty_database_password`
* **Applicable Languages**: Java
* **Weakness ID**: CWE-306

## Description

Leaving a database password empty exposes the database to unauthorized access and manipulation. Implementing strong authentication measures is crucial to safeguard database content.

## Remediation Guidelines

* **Do not** configure database servers without setting a password, as this leaves the database vulnerable to unauthorized access.
* **Adopt secure password management practices**. Use a Key Management Service (KMS) to handle database passwords securely, ensuring they are not exposed in application code or configuration files.
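
The guidelines above, as an added example that is not part of the original rule documentation: a JDBC connection opened with an empty password, beside a version that takes the password from the runtime environment and refuses to start when it is missing. The JDBC URL, the user name, the `DB_PASSWORD` variable and the `requirePassword` helper are hypothetical names chosen for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class DatabaseConnections {

    // Hypothetical connection settings used only for this illustration.
    private static final String JDBC_URL = "jdbc:mysql://db.example.internal:3306/app";
    private static final String DB_USER = "app_user";

    // Insecure: an empty password only works when the account has no
    // password set, so anyone who can reach the server can log in as DB_USER.
    static Connection insecureConnect() throws SQLException {
        return DriverManager.getConnection(JDBC_URL, DB_USER, "");
    }

    // Returns the password unchanged, or throws if it is missing or blank,
    // so a misconfigured deployment fails at startup instead of silently
    // falling back to an unauthenticated connection.
    static String requirePassword(String candidate) {
        if (candidate == null || candidate.isBlank()) {
            throw new IllegalStateException(
                "Database password is not set; refusing to connect");
        }
        return candidate;
    }

    // Safer: the password is injected at runtime (here through the
    // hypothetical DB_PASSWORD environment variable, populated by a secrets
    // manager or KMS-backed store) and never appears in source or config.
    static Connection secureConnect() throws SQLException {
        String password = requirePassword(System.getenv("DB_PASSWORD"));
        return DriverManager.getConnection(JDBC_URL, DB_USER, password);
    }

    public static void main(String[] args) {
        try (Connection conn = secureConnect()) {
            System.out.println("Connected with an authenticated session");
        } catch (IllegalStateException | SQLException e) {
            System.err.println("Startup aborted: " + e.getMessage());
        }
    }
}
```

The blank check matters because a variable that is unset or set to an empty string in a deployment manifest would otherwise reproduce the insecure case without any empty literal appearing in the code.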

## References

* [**OWASP hardcoded passwords**](https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password)
* [**CWE-306: Missing Authentication for Critical Function**](https://cwe.mitre.org/data/definitions/306.html)
* [**OWASP Top 10: A07:2021 - Identification and Authentication Failures**](https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/)

## Configuration

To omit this rule during a scan, and for continuous 24/7 code-level scanning, you can use our [**SAST TOOL**](https://scopy.sec1.io/login).
