...
The user name and password fields in the SQL connection request are hard coded in this noncompliant code example:

```java
public final Connection getConnection() throws SQLException {
  return DriverManager.getConnection(
    "jdbc:mysql://localhost/dbName",
    "username", "password");
}
```

A hard-coded secret is just as much of a problem in C. In this noncompliant code example the authentication code is embedded in the program as a string literal, so anyone who can read the binary (for example with strings) can recover it:

```c
#include <stdio.h>

/* Returns nonzero if authenticated */
int authenticate(const char* code);

int main(void) {
  if (!authenticate("correct code")) {
    printf("Authentication error\n");
    return -1;
  }
  printf("Authentication successful\n");
  /* ...Work with system... */
  return 0;
}
```
Note that the one- and two-argument java.sql.DriverManager.getConnection() methods can also be used incorrectly.
...
In this compliant solution the authentication code is read from the user at runtime instead of being stored in the program, and the buffer holding it is scrubbed as soon as it has been checked:

```c
#define __STDC_WANT_LIB_EXT1__ 1  /* expose memset_s() (C11 Annex K) */
#include <stdio.h>
#include <string.h>

#define CODE_LEN 50

/* Returns nonzero if authenticated */
int authenticate(const char* code);

int main(void) {
  char code[CODE_LEN];
  printf("Please enter your authentication code:\n");
  /* fgets() keeps the trailing newline; authenticate() must allow for it */
  if (fgets(code, sizeof(code), stdin) == NULL) {
    printf("No input\n");
    return -1;
  }
  int flag = authenticate(code);
  /* Scrub the secret as soon as it is no longer needed. memset_s() takes
     (dest, destsz, ch, count); unlike memset(), it cannot be optimized away. */
  memset_s(code, sizeof(code), 0, sizeof(code));
  if (!flag) {
    printf("Access denied\n");
    return -1;
  }
  printf("Access granted\n");
  /* ...Work with system... */
  return 0;
}
```

The call is memset_s() rather than memset() because a compiler is free to remove a memset() whose result is never read again, which would leave the secret in memory after the function returns.
It is also permissible to prompt the user for the user name and password at runtime.
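The following is an added example, not code from the CERT page, that puts the two compliant approaches together in C: the secret lives in a file outside the program that is refused unless its permissions are owner-only, it is compared in constant time, and it is scrubbed with a volatile write loop as a portable fallback for memset_s(), which many toolchains do not ship. The file path, the secret value, and the function names (write_secret_file, load_secret, check_code, run_demo) are all assumptions made for this example; a POSIX system is assumed for open(), fchmod() and fstat().

```c
/* Added example (not from the original page): a secret kept outside the
 * binary, read at runtime, compared in constant time and then scrubbed.
 * Assumes POSIX. All names and the sample secret below are invented. */
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

#define SECRET_MAX 128

/* Overwrite a buffer with zeros through a volatile pointer so the
 * optimizer cannot drop the stores; portable fallback for memset_s(). */
void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Returns 1 if the n bytes of a and b match, else 0, without exiting
 * early on the first mismatch (avoids a timing side channel). */
int consttime_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Compare a supplied code against the expected one; lengths must match. */
int check_code(const char *expected, const char *supplied) {
    size_t el = strlen(expected), sl = strlen(supplied);
    if (el != sl) return 0;
    return consttime_equal((const unsigned char *)expected,
                           (const unsigned char *)supplied, el);
}

/* Write `secret` to `path` with mode 0600 (helper used to set up the demo). */
int write_secret_file(const char *path, const char *secret) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
    if (fd < 0) return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) { close(fd); return -1; }  /* file may pre-exist */
    size_t n = strlen(secret);
    ssize_t w = write(fd, secret, n);
    close(fd);
    return (w == (ssize_t)n) ? 0 : -1;
}

/* Read one line from `path` into out[out_len], stripping the newline that
 * fgets() leaves behind. Refuses files readable by group or others.
 * Returns the secret length, or -1 on any failure. */
int load_secret(const char *path, char *out, size_t out_len) {
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    struct stat st;
    /* fstat() on the open descriptor, not stat() on the path, so the
     * permission check applies to the file actually being read. */
    if (fstat(fileno(f), &st) != 0 || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        fclose(f);
        return -1;
    }
    if (fgets(out, (int)out_len, f) == NULL) { fclose(f); return -1; }
    fclose(f);
    size_t len = strcspn(out, "\r\n");
    out[len] = '\0';
    return (int)len;
}

/* Exercise the whole flow against a secret file at `path`. Returns 0 on
 * success or a small nonzero number identifying the step that failed. */
int run_demo(const char *path) {
    char buf[SECRET_MAX];
    if (write_secret_file(path, "s3cret-code\n") != 0) return 1;   /* constructed sample secret */
    if (load_secret(path, buf, sizeof buf) != 11) return 2;
    if (!check_code(buf, "s3cret-code")) return 3;
    if (check_code(buf, "s3cret-cod3")) return 4;
    secure_zero(buf, sizeof buf);                    /* scrub once checked */
    for (size_t i = 0; i < sizeof buf; i++) if (buf[i] != 0) return 5;
    if (chmod(path, 0644) != 0) return 6;            /* now group/world readable */
    if (load_secret(path, buf, sizeof buf) != -1) return 7;  /* must be refused */
    unlink(path);
    return 0;
}

int main(void) {
    int rc = run_demo("/tmp/cert_hardcode_example_secret.txt");
    if (rc == 0) printf("demo ok\n"); else printf("demo failed at step %d\n", rc);
    return rc;
}
```

The permission check is deliberately done on the opened descriptor rather than on the path, so a file swapped in between the check and the read is not accepted; and the secret is zeroed in the same function that read it, so it does not outlive its one use.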
...