Dear TP Team, I have identified a potential security issue regarding the standard TP driver module. Currently, the module retains user passwords in the JVM heap for the duration of its lifecycle.
This poses a risk as any heap dump, such as those caused by an Out Of Memory (OOM) error, could expose sensitive user credentials to the DevOps team or anyone with access to the dump. I believe we should address this to ensure more secure handling of passwords. Best regards, -- Andrii Lomakin YouTrackDB development lead
