...

Note that the one- and two-argument java.sql.DriverManager.getConnection() methods may also be used incorrectly. Applets that contain similar code are also noncompliant because they may be executed in untrusted environments.

Compliant Solution

This compliant solution reads the user name and password from a configuration file stored in a secure directory.
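One way to implement the approach described above, as an added example that is not the original page's code: the credentials are loaded from a properties file, and the file is rejected if it is a symlink or readable by anyone other than its owner. The class name, the file path and the property keys (db.url, db.user, db.password) are assumptions, and the permission check assumes a POSIX file system.

```java
import java.io.IOException;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.EnumSet;
import java.util.Properties;
import java.util.Set;

public final class DbConnector {
    // Assumed location of the credentials file; not taken from the original page.
    private static final Path CONFIG = Paths.get("/etc/myapp/secure/db.properties");

    /** Loads the credentials, refusing symlinks and group- or world-accessible files. */
    static Properties loadCredentials(Path file) throws IOException {
        if (!Files.isRegularFile(file, LinkOption.NOFOLLOW_LINKS)) {
            throw new IOException("Not a regular file: " + file);
        }
        Set<PosixFilePermission> perms =
            Files.getPosixFilePermissions(file, LinkOption.NOFOLLOW_LINKS);
        Set<PosixFilePermission> allowed =
            EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);
        if (!allowed.containsAll(perms)) {
            throw new IOException("Credentials file is accessible beyond its owner: " + file);
        }
        Properties props = new Properties();
        try (Reader in = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
            props.load(in);
        }
        // Assumed key names; fail closed if any of them is missing.
        for (String key : new String[] {"db.url", "db.user", "db.password"}) {
            if (props.getProperty(key) == null) {
                throw new IOException("Missing " + key + " in " + file);
            }
        }
        return props;
    }

    /** Opens the connection with credentials that never appear in source code. */
    public static Connection connect() throws IOException, SQLException {
        Properties p = loadCredentials(CONFIG);
        return DriverManager.getConnection(
            p.getProperty("db.url"), p.getProperty("db.user"), p.getProperty("db.password"));
    }
}
```

The check covers only the file itself, so the directories above it must also be writable only by the owning account. On a file system without POSIX attributes, Files.getPosixFilePermissions() throws UnsupportedOperationException.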

...

[Gong 03] 9.4 Private Object State and Object Immutability
[Chess 07] 11.2 Outbound Passwords: Keep Passwords out of Source Code
[Fortify 08] "Unsafe Mobile Code: Database Access"
[MITRE 09] CWE ID 259 (http://cwe.mitre.org/data/definitions/259.html) "Hard-Coded Password"

...