Task #4
Plaintext DB password committed in application.properties default
Status: New
Priority: Normal
Assignee: -
Start date: 04/27/2026
Due date:
% Done: 0%
Estimated time:
Description
Where: src/main/resources/application.properties:8
datasources.default.jdbc-url=${DATASOURCE_URL:`jdbc:postgresql://localhost:5432/articon_development?user=postgres&password=7bhpw3i77bhpw3i7A`}
What's wrong: The fallback JDBC URL contains a plaintext password (7bhpw3i77bhpw3i7A), committed to git history.
Why it matters: Even if this only matches a local-dev DB today, the credential is now public to anyone with repo access, will trip up any leak-detection audit, and is impossible to scrub without history rewriting.
Suggested fix: Drop the inline fallback; require DATASOURCE_URL (or split into DATASOURCE_USER / DATASOURCE_PASSWORD). Rotate the password if the DB is reachable from anywhere shared.
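A check that would catch this pattern before commit, added here as an example (not code from the project or from the reporter): it scans a .properties file for `${VAR:default}` placeholders whose fallback value carries a password, and goes beyond the `password=` query parameter in this task to also cover the `user:password@host` URL form. The function names and the sample file are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# ${NAME:default} or ${NAME:`default`}; backticks let the default contain ':'.
PLACEHOLDER = re.compile(r"\$\{([A-Za-z0-9_.\-]+):(?:`([^`]*)`|([^}]*))\}")
SECRET_PARAMS = {"password", "passwd", "pwd"}

# Constructed sample file, not the project's; secrets are dummy values.
SAMPLE = """\
# local defaults
datasources.default.jdbc-url=${DATASOURCE_URL:`jdbc:postgresql://localhost:5432/app_dev?user=postgres&password=EXAMPLE-ONLY`}
micronaut.server.port=${PORT:8080}
datasources.other.jdbc-url=${OTHER_URL}
datasources.legacy.jdbc-url=${LEGACY_URL:`jdbc:postgresql://app:EXAMPLE-ONLY@db:5432/legacy`}
"""

def credential_in_default(default):
    """Say where a fallback value embeds a credential, or return None."""
    url = default[5:] if default.lower().startswith("jdbc:") else default
    try:
        parts = urlsplit(url)
        password = parts.password
    except ValueError:  # not a parseable URL, so nothing to inspect
        return None
    for name in parse_qs(parts.query):
        if name.lower() in SECRET_PARAMS:
            return f"query parameter '{name}'"
    return "userinfo password" if password else None

def scan_properties(text):
    """Return (line, key, variable, reason) per finding; never echoes the secret."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        key, sep, value = line.partition("=")  # only 'key=value' lines are handled
        if not sep:
            continue
        for m in PLACEHOLDER.finditer(value):
            default = m.group(2) if m.group(2) is not None else m.group(3)
            reason = credential_in_default(default)
            if reason:
                findings.append((lineno, key.strip(), m.group(1), reason))
    return findings

if __name__ == "__main__":
    for lineno, key, var, reason in scan_properties(SAMPLE):
        print(f"line {lineno}: {key} fallback for {var} has {reason}")
```

Placeholders with no fallback, such as `${OTHER_URL}`, pass the check, which matches the suggested fix of requiring the variable instead of defaulting it.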