I noticed that the BASServer.props contains the password for the database root user in a readable form (i.e. non-encrypted). This means that anyone with access to that file can see the password and therefore access the database. Is this how it is supposed to be? To me it seems a potential security issue.
Of course I realize that in order to access the .props file, you need to have access to the server and if someone already has access to the server, there may be other ways to hack into the database (or cause other problems). Still, it surprised me that the password was clearly spelled out in a plain text file.
Is there any way to resolve this? I tried to modify the file and simply remove the password, but that just resulted in the AIM Server failing to start (with a rather ungraceful exception error).
Readable database password in BASServer.props
nhofkes wrote: I noticed that the BASServer.props contains the password for the database root user in a readable form (i.e. non-encrypted). This means that anyone with access to that file can see the password and therefore access the database. Is this how it is supposed to be? To me it seems a potential security issue.
Of course I realize that in order to access the .props file, you need to have access to the server and if someone already has access to the server, there may be other ways to hack into the database (or cause other problems). Still, it surprised me that the password was clearly spelled out in a plain text file.
Is there any way to resolve this? I tried to modify the file and simply remove the password, but that just resulted in the AIM Server failing to start (with a rather ungraceful exception error).
This IS a security issue and there has been an active feature request to fix this for many years. The logic from Awaresoft, if I remember correctly, is that the server should be secure so no unauthorized users can access the server, and then it isn't that bad. I can understand that, but I would still prefer to have this fixed.