integrated security

[Nick Harvey]

When using an external DB such as MSSQL (in my case) for the CVE cache, is it possible to use integrated security, where the user executing the process is used to authenticate to the DB, instead of explicitly defining a user/password to use for authentication? As far as I can tell, if the user/password is not explicitly set, it will default to the dcuser and hard-coded password specified in org.owasp.dependencycheck.data.nvdcve.ConnectionFactory - am I missing something?

(not entirely sure, but based on some of the stuff I found on stackoverflow, this may be a limitation of the MS provided MSSQL JDBC driver itself ...)

Thanks!

[Jeremy Long]

I just made a minor update to the code; when 3.x is released (relatively soon) this will be possible. If Integrated Security=true or Trusted_Connection is in the connection string the username and password are not used.

--Jeremy

[Nick Harvey]

That's great, thank you! I'll keep an eye out for the release