This Spring Boot web application is storing datasource credentials in plain text in the properties files via spring.datasource.password=. It's not recommended to store plain text passwords in configuration files.


It's recommended to encrypt the credentials using a library like Jasypt. By using Jasypt, you can provide encryption for the property sources and the application can decrypt the encrypted properties and retrieve the original values.


Related Vulnerabilities