Database connection data

ID

db_assignment_attached_port

Severity

info

Vendor

-

Family

Data Storage Secret

Description

Database systems (relational or not) are critical elements in IT infrastructure. Any leak of connection data. Connection data includes database server hostname/IP, username, connection strings or URLs, etc.

Database password is not included in this scope, and when compromised the

Security

Any database connection data is a potential secret reported by this detector.

Accidentally checking in connection data to source control repositories could compromise your DB resource.

Examples

db.url=jdbc:db2://google.com/dev:50003
db.url=jdbc:sqlserver://google.com/dev:50003

Mitigation / Fix

  1. Remove the reported database connection data from the source code or committed configuration file. Look for alternatives that configure the data from a source not stored under a version control system.

  2. You may leverage the moment for "Preventing good people doing bad things". Database accounts should follow the principle of minimum privilege. If the database account is used by application software, ensure that the privileges granted are strictly those necessary for the application.
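
A pre-commit-style check in the spirit of this detector, as an added example (not the detector's own rule or code): it flags assignments whose value is a literal JDBC URL, including commented-out ones, and passes values whose host is a ${...} placeholder resolved outside version control. The regular expression, the function name scan and every sample line beyond the two shown under Examples are assumptions.

```python
import re

# Assumed pattern, not the detector's actual rule:
#   <key> = jdbc:<driver>://<host>...   (":" also accepted as separator, YAML style)
# search() is used so that commented-out assignments are reported too;
# a comment in a committed file leaks the same connection data.
JDBC_ASSIGNMENT = re.compile(
    r"""(?P<key>[\w.\-]+)\s*[=:]\s*["']?jdbc:(?P<driver>[a-z0-9]+)://(?P<host>[^/:;\s"']+)""",
    re.IGNORECASE,
)
# A host written as ${NAME} is filled in at deploy time, so nothing is leaked.
PLACEHOLDER = re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*\}")

# Constructed sample: lines 1-2 are the page's examples, the rest are made up.
SAMPLE = """\
db.url=jdbc:db2://google.com/dev:50003
db.url=jdbc:sqlserver://google.com/dev:50003
# db.url=jdbc:postgresql://db.internal.example:5432/app
db.url=jdbc:postgresql://${DB_HOST}:${DB_PORT}/app
db.url=${DB_URL}
app.name=billing
"""


def scan(text):
    """Return one finding per line that assigns a literal JDBC URL."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = JDBC_ASSIGNMENT.search(line)
        if match is None:
            continue  # not a JDBC assignment (or fully externalised value)
        if PLACEHOLDER.fullmatch(match["host"]):
            continue  # host comes from the environment, not from the repo
        findings.append({
            "line": lineno,
            "key": match["key"],
            "driver": match["driver"].lower(),
            "host": match["host"],
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f['line']}: {f['key']} -> {f['driver']} host {f['host']}")
    # A non-empty result is what a pre-commit hook would treat as a failure.
```
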