Skip to content

Use session storage for credentials
Compare
Choose a tag to compare
@pgoldtho pgoldtho released this 09 Jul 15:25
· 26 commits to main since this release
1.2.0
3e7a7f6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Problem Description

Database credentials are stored in the Ora2Pg configuration file, potentially exposing a security risk for users of Visulate Ora2Pg who are running the application on a shared server.

Solution

Store the credentials client-side and only submit them to the server when needed for running Ora2Pg. When submitting credentials to the /exec request, encode them to avoid exposing credentials in the URL.

Business Need

Some users may be using the application on a shared server and need to avoid exposing high-level database credentials.

Assets 2
Loading