...
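```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public final Connection getConnection() throws SQLException {
  char[] username = new char[16];
  char[] password = new char[16];
  // Username and password are read at runtime from a secure config file
  try {
    // new String(char[]) copies the characters; char[].toString() would
    // return the array's type and identity hash, not its contents
    return DriverManager.getConnection(
        "jdbc:mysql://localhost/dbName",
        new String(username), new String(password));
  } finally {
    // Clear the arrays on every exit path; statements placed after the
    // return would be unreachable and rejected by the compiler
    for (int i = username.length - 1; i >= 0; i--) {
      username[i] = 0;
    }
    for (int i = password.length - 1; i >= 0; i--) {
      password[i] = 0;
    }
  }
}
```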
...
| | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
| [ISO/IEC TR 24772:2010](http://www.aitcnet.org/isai/) | Hard-coded Password [XYP] |
| | CWE-259. Use of hard-coded password |
| | CWE-798. Use of hard-coded credentials |
...
| [Chess 2007] | 11.2, Outbound Passwords: Keep Passwords out of Source Code |
| [Fortify 2008] | Unsafe Mobile Code: Database Access |
| [Gong 2003] | 9.4, Private Object State and Object Immutability |
...