I’m replying to you to ensure KNIME team will read this.
This issue really needs to be addressed. I played around a bit and noticed also below explained problematic behavior.
Component with Credentials node and a connector (oracle, but that probably doesn’t matter). I add default values into the Credentials nodes and select to save the password and prompt for user name:
Then on the component I enter a different user and password and execute the component. I have the DB Session connected to a DB Query Reader that reads from a table without schema name. meaning reading will fail if I connect with wrong user (schema).
The default user is the correct user. The one entered into the Configuration Dialog is the wrong user. Therefore I have a connection with the wrong user and the reader fails:
I save the workflow and close it. Then I reopen the workflow and the connection seems OK and the reader is yellow:
And I can actually execute it:
Which means and is confirmed by looking at the session object, the session is created with the default user and not the user in the configuration dialog. This can actually be dangerous if I created a component with a highly privileged user as default and then share it. Or it can simply be confusing. The issue also is why the default values are saved but the password entered into the dialog is not even if the checkbox to save the password is checked? It’s confusing.
Having a configurable credentials simply does not work!
I also looked at the source and it seems the password is encrypted with DES. While I doubt even most skilled users would fails to crack it, why not simply updated this to AES? As far as I can tell that would be with testing, documentation etc. max 1 day of work and then you can remove the warning about weak encryption and also use AES to store the value entered in the Configuration dialog.
Or as Jan suggest. Simply as before allow to set plaintext passwords either on credentials or the connector directly. This would probably be the preferred solution. Think of scheduled workflows on the server. No way to enter DB credentials. So they will have to be stored.