Hi, When i create a configuration in a Mendix app to connect to an external database, e.g. PostgreSQL, and do not use the integrated security, I have to fill in a username and password. Is is true that this password is committed in the code and shared with team members? Why wouldn't it work the same as private values for constants? This seems like a major security leak to me if this is true, am I overlooking something? Do you have tips on how you deal with this?
asked
Kevin Geevers
1 answers
0
You're completely right: the configuration is commited with the app model.
Private constants are a small fix on top of this otherwise insecure concept.
It's usually not a major issue, since local DB's for testing are just only locally accessible.