Forum Stats

  • 3,839,727 Users
  • 2,262,531 Discussions
  • 7,901,049 Comments

Discussions

When will the Oracle extension for a vs code store passwords encrypted?

User_NVMUJ
User_NVMUJ Member Posts: 13 Red Ribbon

Currently the Oracle extension for vs code stores passwords as clear text. This applies to all versions of the extension including the most recently released version 21.4.0

When will the extension store the passwords encrypted?


e.g. using the create connection dialog:

In the dialog the password is hidden, however in the settings file, it is in clear text:

    {

      "authenticationType": 1,

      "dBAPrivilege": "SYSDBA",

      "userID": "SYS",

      "passwordSaved": true,

      "password": "oracle",

      "dataSource": "localhost:1521/xepdb1",

      "connectionType": 2,

      "databaseHostName": "localhost",

      "databasePortNumber": "1521",

      "databaseServiceName": "xepdb1",

      "name": "SYS.xepdb1",

      "currentSchema": "",

      "tnsAdmin": "C:\\Users\\geral\\Oracle\\network\\admin"

    }


Now, if this was a connection to a production database, it could be used by an intruder.

On Windows, e.g. this extension should use the Windows Credential Manager to store passwords securely

Tagged:

Best Answer

  • Christian.Shay -Oracle
    Christian.Shay -Oracle Posts: 2,168 Employee
    Answer ✓

    Hi,

    Thanks for the feedback!

    Yes, we have this planned for a future release.

    You can avoid the password being saved in the settings file by unchecking the "Save Password" checkbox in the connection dialog. You will then be prompted for the password when you first open Oracle Database Explorer.

Answers

  • Christian.Shay -Oracle
    Christian.Shay -Oracle Posts: 2,168 Employee
    Answer ✓

    Hi,

    Thanks for the feedback!

    Yes, we have this planned for a future release.

    You can avoid the password being saved in the settings file by unchecking the "Save Password" checkbox in the connection dialog. You will then be prompted for the password when you first open Oracle Database Explorer.