I’ve been doing some work which involves comparing a couple of databases to identify differences so I could get them all in sync.
I decided to test out a program I found a while back, OpenDBDiff.
I’ve been pleasantly surprised by this tool, as it works, even with Azure databases, and is quick at generating all the information I required.
That said, and this is one of the many reasons why you need to be cautious with any software, but especially open-source software, I decided to do a little digging and discovered that all the account credentials were simply stored as plain text, accessible to any hacker that might one day compromise my system!
In today’s world this is simply inexcusable! With all the encryption/hashing libraries out there, there is no reason why you would ever store such information as plain text.
I’ve created an issue on the project page and hope the developer will address it quickly, as this is a MAJOR security hole. As for me, I have deleted the app and all associated configuration files, as I am responsible for my clients’ data safety!
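One way to find which settings files on a machine still hold database passwords in clear text, so they can be removed and the credentials rotated. This is an added example, not OpenDBDiff's code; it assumes the credentials sit in ADO.NET-style connection strings (the post does not state the file format), and the suffix list and sample text are constructed.

```python
import re
from pathlib import Path

# Assumption: credentials sit in ADO.NET-style connection strings
# ("...;User ID=x;Password=y;..."); the post does not give the file format.
PASSWORD_PAIR = re.compile(
    r"""\b(password|pwd)\s*=\s*(?:'([^']*)'|([^;"'<\r\n]*))""", re.IGNORECASE)
TEXT_SUFFIXES = {".config", ".xml", ".json", ".ini", ".txt", ".settings"}
MAX_BYTES = 1_000_000  # settings files are small; skip anything larger


def find_plaintext_passwords(text):
    """Return (line_no, key, value_length) for each non-empty password value."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for match in PASSWORD_PAIR.finditer(line):
            value = (match.group(2) or match.group(3) or "").strip()
            if value:
                # Report only the length so the audit never repeats the secret.
                hits.append((line_no, match.group(1), len(value)))
    return hits


def scan_tree(root):
    """Scan settings-like files under root; return {path: hits} where hits exist."""
    findings = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        if path.stat().st_size > MAX_BYTES:
            continue
        hits = find_plaintext_passwords(path.read_text(errors="ignore"))
        if hits:
            findings[str(path)] = hits
    return findings


# Constructed sample, not taken from any real tool's configuration.
SAMPLE = """<settings>
  <conn>Server=tcp:example.database.windows.net;User ID=app;Password=Constructed!1;</conn>
  <conn>Server=localhost;Database=dev;Integrated Security=SSPI;</conn>
  <conn>Data Source=db2;Uid=sa;Pwd='a;b';PasswordHint=none</conn>
</settings>"""

if __name__ == "__main__":
    for line_no, key, length in find_plaintext_passwords(SAMPLE):
        print(f"line {line_no}: {key} stored in clear text ({length} chars)")
```

Entries that use integrated authentication or an empty password are not reported, and any password the scan does find should be treated as exposed and changed, not just deleted from the file.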