Page History

CERT C Secure Coding Standard

MSC18-C. Be careful while handling sensitive data, such as passwords, in program code

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e4229441d8208d5a-c68cfc46-4ab34d67-91ddb9dc-df6583cc0f99ec870a96e7af"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

"Hard-coded Password [XYP]"

]]></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE-259, "Use of Hard-coded Password"

CWE-798, "Use of Hard-coded Credentials"

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="df09b832e613a47f-f6597936-467d47b4-b814ba0f-d49afad8588a927cae9c3436"><ac:plain-text-body><![CDATA[

[[Chess 2007

AA. Bibliography#Chess 07]]

11.2 Outbound Passwords: Keep Passwords out of Source Code

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f28fa2a88d6c607d-a80c7ffc-48314f1f-b86ba351-ba0fcdc7a47bdf746161214e"><ac:plain-text-body><![CDATA[

[[Fortify 2008

AA. Bibliography#Fortify 08]]

"Unsafe Mobile Code: Database Access"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="efc3dca598be0ed5-7cd42ea2-47ab4d08-b8688155-d80a25e986c740aec43f2867"><ac:plain-text-body><![CDATA[

[[Gong 2003

AA. Bibliography#Gong 03]]

9.4 Private Object State and Object Immutability

]]></ac:plain-text-body></ac:structured-macro>