Databases should always be password protected. The use of a database connection with an empty password is a clear indication of a database that is not protected.
This rule flags database connections with empty passwords.
Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "AppLogin", ""); Connection conn2 = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true?user=user&password=");
DriverManager.getConnection("jdbc:derby:memory:myDB;create=true?user=user&password=password"); DriverManager.getConnection("jdbc:mysql://address=(host=myhost1)(port=1111)(key1=value1)(user=sandy)(password=secret),address=(host=myhost2)(port=2222)(key2=value2)(user=sandy)(password=secret)/db"); DriverManager.getConnection("jdbc:mysql://sandy:secret@[myhost1:1111,myhost2:2222]/db"); String url = "jdbc:postgresql://localhost/test"; Properties props = new Properties(); props.setProperty("user", "fred"); props.setProperty("password", "secret"); DriverManager.getConnection(url, props);