I just saw Steve Muench's post to his blog titled "Improving the Comments in my Custom JDBC URL Example for Pete
" (I think that is the first blog entry I have seen addressed to me!). Steve has made some changes to the comments in his example code that he discusses in his earlier post "Providing Fixed JDBC Credentials from Custom Source
" because of my comments in my post "Steve has added an undocumented sample for fixed JDBC credentials
". I said it was not a good idea to hard code passwords in applications. Steve never intended this to be the case, his new class was instead a starting point for users to read in the username and password from a more secure location such as a properties file, custom repository or something else. Steve also points out that an encrypted password will improve the security somewhat more.
Thanks for the update Steve and for the clarification.