duncwinn / twicf-signup

twicf-signup-microservice

Security issue.

indyaah opened this issue · comments

As usual, while going through the code (part of the learning process), I ended up looking into txt.txt, which contains a db connection string with credentials in it IN PLAIN STRING!!

You might want to look into that.

Thanks, are you talking about password=JGq4DVRwcZzU-hq10n4U_JeSv4aEG9SQ

The beauty of Spring Security is that it will generate a temporary password in dev mode if you don't assign one. txt.txt was a dump during dev (left in error) but all passwords are temporary (I believe).

If I'm missing something please let me know.

screenshot from 2015-01-12 00 03 43
I understand that part but the credentials still work.

PS: Tried to smudge as much as possible to show that the credentials still work.

oh wow - ok thanks I'll take a look

Ok, I think what happened is that I took a dump of the startup to do some debugging and the db connection string was written out - nothing to do with spring security.

I'm not a DBA, so I just blew away the db, provisioned a new one and re-entered the data.

Thanks for the heads up. I think it should all be sorted now. If not please let me know else I'll close the issue.
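
The root cause described in this thread, a debugging dump of startup output that carried the db connection string into the repository, is something a check run before committing can catch. The Python below is an added example, not code from this repository; the patterns, function names and the sample dump are constructed for illustration.

```python
import re

MASK = "<redacted>"
# Assumed patterns (not from the repository). In both, group 2 is the secret value.
PATTERNS = [
    # key=value secrets as they appear in JDBC/ODBC-style connection strings
    ("key=value", re.compile(r"(?i)\b(password|passwd|pwd)\s*=\s*([^\s;&,'\"]+)")),
    # URI userinfo: scheme://user:secret@host
    ("uri-userinfo", re.compile(r"\b([a-z][a-z0-9+.-]*://[^\s/:@]+):([^\s/@]+)@")),
]

def scan(text):
    """Return (line_number, kind) for each line carrying an unmasked credential."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        for kind, rx in PATTERNS:
            if any(m.group(2) != MASK for m in rx.finditer(line)):
                findings.append((no, kind))
    return findings

def redact(text):
    """Mask the secret values but keep the rest of the dump readable."""
    kv, uri = PATTERNS[0][1], PATTERNS[1][1]
    text = kv.sub(lambda m: f"{m.group(1)}={MASK}", text)
    return uri.sub(lambda m: f"{m.group(1)}:{MASK}@", text)

# Constructed sample, not the contents of the repository's txt.txt
SAMPLE_DUMP = """\
2015-01-11 23:41:02 INFO  Starting application
2015-01-11 23:41:03 DEBUG datasource url=jdbc:postgresql://db.example.invalid:5432/signup?user=app&password=EXAMPLE-not-a-real-secret
2015-01-11 23:41:03 DEBUG DATABASE_URL=postgres://app:EXAMPLE-not-a-real-secret@db.example.invalid:5432/signup
2015-01-11 23:41:04 INFO  Started in 3.2 seconds
"""

if __name__ == "__main__":
    for no, kind in scan(SAMPLE_DUMP):
        print(f"line {no}: {kind} credential")
    print(redact(SAMPLE_DUMP))
```

A hit on a file that has already been pushed means the credential has to be replaced, as was done here by provisioning a new database.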