Is password encryption used in connections.json secure?

Marian_

We are using CMU with AD athentification method, but I received question if SQL Developer password encryption is secure enough because in connections.json is stored encrypted AD password. As you can see here https://github.com/maaaaz/sqldeveloperpassworddecryptor decrypting is not very difficult task.

My question to oracle guys (Jeff S. ?). Is planned any more secure encryption method?

I know best way is implement SSO method, but it is not so easy from client view as using AD username/password.

Thanks.

Marian

thatJeffSmith-Oracle

Is your machine secure? If not, then I wouldn't save passwords in any of your files.