Product: TIBCO Spotfire®
What is the exact risk of saving credentials within the data source?
When saving credentials with the connection data source, the credentials are stored in plain text and its therefore a security risk. The resolution section explains how the unencrypted credentials can be seen.
If the data connection is saved in the library with the option "Yes, save credentials with the connection data source" selected, the credentials are embedded in the data connection.
When the data connection is exported from library, using Tools==>Library Administration==>Export, the exported file goes to "<Spotfire Server Installation Directory>\tibco\tss\<version>\tomcat\application-data\library". This exported zip file when unzipped, will have a file in it with a random id and this file will have the unencrypted data connection credentials in it. So, anyone having access to this path on Spotfire server will be able to see the unencrypted data connection credentials. Doc: Database Credentials for Connectors???