Hard coding sensitive information, such as passwords, server IP addresses, and encryption keys, can expose the information to attackers. Anyone who has access to the class files can decompile them and discover the sensitive information; string literals in particular survive compilation verbatim in the class file's constant pool. Consequently, programs must not hard code sensitive information.
Hard coding sensitive information also increases the need to manage and accommodate changes to the code. For example, changing a hard-coded password in a deployed program may require distribution of a patch [Chess 2007].
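The following is an added example, not code from the original rule page: it places a hard-coded JDBC password beside a version that loads the secret at run time from a file outside the code base. The JDBC URL, the user name, the file path and the class name are all hypothetical. The compliant path keeps the secret in a char[] so it can be zeroed, and refuses to use a credential file that other accounts can read.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Set;

public final class DbCredentials {

    private static final String URL = "jdbc:postgresql://db.example.internal/app"; // hypothetical URL

    // Noncompliant: the literal is stored verbatim in the class file's constant pool, so
    // `javap -c -constants DbCredentials` or any decompiler recovers it, and rotating it
    // means rebuilding and redistributing the program.
    static Connection connectNoncompliant() throws SQLException {
        return DriverManager.getConnection(URL, "appuser", "S3cretP@ss"); // hard-coded password
    }

    // Compliant: the password is read at run time from a file outside the code base that is
    // readable only by the service account, held in a char[] and zeroed as soon as it has
    // been handed to the driver.
    static Connection connectCompliant(Path credentialFile) throws IOException, SQLException {
        char[] password = loadSecret(credentialFile);
        try {
            // JDBC only accepts a String here; that copy cannot be zeroed, so keep its
            // lifetime as short as possible and never log or cache it.
            return DriverManager.getConnection(URL, "appuser", new String(password));
        } finally {
            Arrays.fill(password, '\0');
        }
    }

    // Reads a secret into a char[] (not a String) and refuses files that other users can read.
    static char[] loadSecret(Path file) throws IOException {
        rejectIfSharedReadable(file);
        byte[] raw = Files.readAllBytes(file);
        CharBuffer decoded = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(raw));
        Arrays.fill(raw, (byte) 0);                 // scrub the byte copy
        int len = decoded.remaining();
        while (len > 0 && (decoded.get(len - 1) == '\n' || decoded.get(len - 1) == '\r')) {
            len--;                                  // drop a trailing line terminator
        }
        char[] secret = new char[len];
        decoded.get(secret, 0, len);
        Arrays.fill(decoded.array(), '\0');         // scrub the decoder's buffer as well
        if (secret.length == 0) {
            throw new IOException("empty credential file: " + file);
        }
        return secret;
    }

    // Fails closed when the credential file is group- or world-accessible. On file systems
    // without POSIX permissions (e.g. NTFS) the check is skipped with a warning.
    static void rejectIfSharedReadable(Path file) throws IOException {
        Set<PosixFilePermission> perms;
        try {
            perms = Files.getPosixFilePermissions(file);
        } catch (UnsupportedOperationException e) {
            System.err.println("warning: cannot verify permissions of " + file);
            return;
        }
        Set<PosixFilePermission> shared = EnumSet.of(
                PosixFilePermission.GROUP_READ, PosixFilePermission.OTHERS_READ,
                PosixFilePermission.GROUP_WRITE, PosixFilePermission.OTHERS_WRITE);
        shared.retainAll(perms);
        if (!shared.isEmpty()) {
            throw new IOException(file + " is readable or writable by other users: " + shared);
        }
    }

    public static void main(String[] args) throws Exception {
        // The path is supplied by the deployment, never baked into the code.
        Path credentialFile = Paths.get(args.length > 0 ? args[0] : "/etc/app/db.password");
        char[] secret = loadSecret(credentialFile);
        System.out.println("loaded " + secret.length + " characters from " + credentialFile);
        Arrays.fill(secret, '\0');
    }
}
```

To see why the noncompliant method fails, compile the class and run `javap -c -constants DbCredentials`: the `ldc` instruction in `connectNoncompliant` prints the password in clear, with no decompiler needed. The same check, run against a build artifact, is a cheap way to catch regressions. Note that the compliant version only narrows the exposure: the String that JDBC requires is immutable and stays in the heap until collected, so the char[] discipline shortens the window rather than closing it.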
Noncompliant Code Example
...
| MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
| http://www.aitcnet.org/isai/ | Hard-coded Password [XYP] |
| CWE-259. Use of hard-coded password |
| CWE-798. Use of hard-coded credentials |
Bibliography
...
| [Chess 2007] | Section 11.2, "Outbound Passwords: Keep Passwords out of Source Code" |
| [Fortify 2008] | "Unsafe Mobile Code: Database Access" |
| [Gong 2003] | Section 9.4, "Private Object State and Object Immutability" |
...