Really? You asked for Secure… surely that’s a good enough reason?
Sorry for the satire…it’s early 5AM, I was awake…
By definition when using any type of system you have to store the password somewhere, this is NOT just a BonitaSoft issue by the way, it affects all software.
There are multiple reasons for not using the standard SQL Connector as follows:
Ease of updating - How many processes/Connectors do you have to edit and re-promote to production when you need to change the password? 1, 10, 100? We found this very quickly becomes a mess…Getting the password from a parameter file means one change for all. So ease of updating it is…
The use of Development vs Production Environments - Production should always use a different password from that of Development. Just imagine a developer writing a Delete process pointing it at the wrong location and, well, shall we say goodbye to all customers we’ve stored on the database. No, we’ve not done that but we’ve got close. When exporting the Development and Promoting the process - the password will move with it…not a fan.
Now before you ask about Development vs Production environments and the use of Parameters. Parameters have to be defined for each process and the configurations are set during development deployment, meaning the developers have the Production Password, not very secure is it? And before you say but you can change the password in Administrator view, you can modify a parameter in Administrator view in Bonita BPM Performance and Efficiency editions only. This goes against Ease of updating and the (in my view) correct implementation of Development vs Production Environments.
I could go on and on, but for now I leave the most important reason to last.
As you have already found, the usernames and passwords of the SQL connector are stored in PLAIN TEXT in the diagram…yes it should be encrypted but it’s not, and should BonitaSoft encrypt it - yes, of course they should - but they don’t today.
That alone should say Do Not Use Standard Connector.
Hope this helps
regards
Seán
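
One way to implement the "parameter file" approach described in the post above, as an added example that is not part of the original post and not Bonita's own code. The class name, the file path, the `bpm.env` and `db.credentials.file` system properties and the property keys are all assumptions made for illustration.

```java
import java.io.IOException;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

/** Hypothetical helper: every process calls this instead of carrying credentials in its diagram. */
public final class DbCredentials {
    // Assumed location. Each server has its own copy, maintained by operations,
    // so the file never travels with an exported process.
    private static final String DEFAULT_FILE = "/etc/bpm/db.properties";

    private DbCredentials() { }

    public static Properties load() throws IOException {
        Path file = Paths.get(System.getProperty("db.credentials.file", DEFAULT_FILE));
        // POSIX hosts only: refuse a file readable by anyone but the service account.
        // (Throws UnsupportedOperationException on file systems without POSIX permissions.)
        for (PosixFilePermission p : Files.getPosixFilePermissions(file)) {
            if (p.name().startsWith("GROUP_") || p.name().startsWith("OTHERS_")) {
                throw new SecurityException(file + " is accessible beyond its owner: " + p);
            }
        }
        Properties props = new Properties();
        try (Reader in = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
            props.load(in);
        }
        // The server declares its environment (assumed -Dbpm.env=production|development);
        // a credentials file copied from the other environment is rejected.
        String serverEnv = System.getProperty("bpm.env");
        if (serverEnv == null || !serverEnv.equals(props.getProperty("env"))) {
            throw new IllegalStateException("credentials file does not match environment " + serverEnv);
        }
        for (String key : new String[] {"jdbc.url", "jdbc.user", "jdbc.password"}) {
            if (props.getProperty(key) == null) {
                throw new IllegalStateException("missing key " + key);
            }
        }
        return props;
    }

    public static Connection connect() throws IOException, SQLException {
        Properties p = load();
        return DriverManager.getConnection(
                p.getProperty("jdbc.url"), p.getProperty("jdbc.user"), p.getProperty("jdbc.password"));
    }
}
```

Rotating the password then means editing one file per server, and the password itself is still stored in that file, so its ownership and permissions are what protect it.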