by epalm 647 days ago
Looks nice, both the site and the app! The first thought I had though was, here's a central place where potentially hundreds, thousands, perhaps tens of thousands (or more, depending on how successful you are) of database credentials are stored. Your https://visualdb.com/datasecurity/ page says "Database credentials are encrypted before being stored" but how do I know that? Encrypted how? This equates to "I pinky promise I won't get hacked, and even if I do, all your passwords would be impossible to crack anyways". Security-conscious users probably will need a bit more than that. Any thoughts on using other authentication methods?

Edit: as other commenters have mentioned, an on-prem version would certainly ease concerns a bit.


Thanks for raising those points. To maximize security, we are prioritizing the on-prem version.

Don't store database credentials at all. Ensure your product and recommended database configuration support SSO/SAML/etc. with credentials managed through Okta or Active Directory. You'll need that if you go up-market into an enterprise.

[deleted]

You can't store database passwords as hashes, because you need the clear password each time to connect to the database. Really, the only way to guarantee security is to use air-gapped systems, in which case you only have to worry about guarding physical access. See https://www.nextgov.com/artificial-intelligence/2024/05/micr...