Good day, It is great news that commons dbcp version 2.9.0 is imminent. As known, connection URL can also contain credentials via a format like so:
jdbc:oracle:thin:[<user>/<password>]@<host>[:<port>]:<SID>or jdbc:mysql://myhost1:3306/db_name?user=root&password=mypass For a more robust sensitive information exposure protection, does it not make sense to scrub url of possible username/password data before appending the url in the toString() method, say, in class DriverAdapterCPDS? Regards, Adesina
