The requirement to include a password as a command-line switch is a huge security risk.
Especially as SchemaSpy can take several minutes to run on a large database, this requirement allows any user on the system to execute a simple ps and immediately be provided with all of the login details to the database - including a password. As many users may be running with elevated privileges, in order to ensure they have the entire schema, this is a very serious potential exposure.
SchemaSpy should allow for the user to submit a command line and then subsequently prompt the user for the password. This same behavior can be seen in most every database administration tool.
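As an added example (not part of the original report and not SchemaSpy code), here is an audit check for the exposure described above. It parses the NUL-separated argument list that Linux exposes in /proc/<pid>/cmdline, the same data ps prints, and reports processes carrying a password switch with the value redacted. The switch spellings other than -p, the sample command line and the function names are assumptions.

```python
import os

# Switches treated as "a secret follows". -p is the password switch the report
# refers to; the other spellings are assumed variants. -p means "port" in some
# tools, so hits need a human look before being treated as findings.
SECRET_SWITCHES = {"-p", "-password", "--password"}

def find_secret_args(cmdline: bytes):
    """Parse a /proc/<pid>/cmdline blob; return (matched switches, redacted argv)."""
    argv = [a.decode("utf-8", "replace") for a in cmdline.split(b"\0") if a]
    hits, redacted, i = [], list(argv), 0
    while i < len(argv):
        arg = argv[i]
        name, sep, value = arg.partition("=")
        if sep and name in SECRET_SWITCHES and value:        # --password=secret
            hits.append(name)
            redacted[i] = name + "=<redacted>"
        elif arg in SECRET_SWITCHES and i + 1 < len(argv):    # -p secret
            hits.append(arg)
            redacted[i + 1] = "<redacted>"
            i += 1                                            # skip the secret itself
        i += 1
    return hits, redacted

def scan_proc(proc_root="/proc"):
    """Audit live processes on Linux; return {pid: redacted argv} for exposed ones."""
    exposed = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                hits, redacted = find_secret_args(fh.read())
        except OSError:   # process exited, or access denied (e.g. hidepid mount)
            continue
        if hits:
            exposed[int(entry)] = redacted
    return exposed

# Constructed sample: argv of a SchemaSpy-style run as /proc would store it.
SAMPLE = b"java\0-jar\0schemaSpy.jar\0-t\0pgsql\0-u\0dbadmin\0-p\0S3cr3t!\0-o\0out\0"

if __name__ == "__main__":
    print(find_secret_args(SAMPLE))
    for pid, argv in scan_proc().items():
        print(pid, " ".join(argv))
```

Run as an unprivileged user, any process it lists is one whose password every local account can read for as long as that process lives.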