Why is this an issue?

When relying on the password authentication mode for the database connection, a secure password should be chosen.

This rule raises an issue when an empty password is used.

Noncompliant code example

Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");

Compliant solution

String password = System.getProperty("database.password");
Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", password);

Resources