Ravinder,
Many systems on the network require passwords to be stored in a flat file.
It's not always avoidable, so you can't say "NEVER NEVER DO THIS"... spoken much like someone who has not built a production application which uses clear text passwords.
Theory is not always the same in practice.
Normally, these kind of DB passwords are stored in plaintext in files which are hidden from users, so we must look at who has access to the system, the risk, the criticality of the application and other risk management factors.
Quote:
Originally Posted by
karumudi7
Yes, I understand and I use SSH keys for password-less connections.
But it is more like when you are interacting with other services like database etc.
This is correct. Many CMS programs like WordPress store the DB passwords in clear text in a flat configuration file.