...
| Wiki Markup |
|---|
Hard coding sensitive information also increases the need to manage and accommodate changes to the code. For example, changing a hard-coded password in a deployed program may require distribution of a patch \[[Chess 2007|AA. Bibliography#ChessReferences#Chess 07]\]. |
Noncompliant Code Example
...
MSC18-C. Be careful while handling sensitive data, such as passwords, in program code | ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="85532780eb866e77-af7d9e49-476c43ba-99c98e44-d09d939343d1febca55a7367"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | Hard-coded Password [XYP] | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-259. Use of hard-coded password | ||||
| CWE-798. Use of hard-coded credentials |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1c4ee81707759e27-a8e32639-42ad4b93-a32dbfdf-d38018720231726d2b51f5e4"><ac:plain-text-body><![CDATA[ | [[Chess 2007 | AA. Bibliography#Chess References#Chess 07]] | 11.2, Outbound Passwords: Keep Passwords out of Source Code | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="096def0e7a33ccb5-32cffde8-4dc4462d-b69ab519-568f81d47e7f5610c4001eee"><ac:plain-text-body><![CDATA[ | [[Fortify 2008 | AA. Bibliography#Fortify References#Fortify 08]] | Unsafe Mobile Code: Database Access | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ac488524638baee8-4fbb55d9-41914c4b-a189b6cf-d98c1fd7f2e2a903a2b0bf09"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong References#Gong 03]] | 9.4, Private Object State and Object Immutability | ]]></ac:plain-text-body></ac:structured-macro> |
...