...
In this noncompliant code example, a user name and password is read from the user and used to construct the query string. The password is passed as a char array, and then hashed, all to comply with MSC05-J. Store passwords using a hash function and MSC10MSC56-J. Limit the lifetime of sensitive data.
...