I submitted my application EAR to the Veracode security scanning tool and got this flaw in the below piece of code:

```java
import java.sql.DriverManager;

private String url = "jdbc:mysql://localhost:8081/sql";
private String userName = "xyz";
private String password = "abc"; // hard-coded credential that the scanner flags
DriverManager.getConnection(url, userName, password); // At this line I am getting this flaw.
```
Someone please help me on how to resolve CWE-259: Use of Hard-coded Password Flaw.
The reason you are getting the hard-coded password flaw is that in line three of your snippet you are hard-coding your password in a variable. You are storing sensitive information (username and password) in the source code, which is a flaw because your source can be decompiled.
One way to fix this flaw is to store the credentials in a strongly encrypted file, or apply strong one-way hashes to the credentials and store those hashes in a configuration file.
You can get more information here: http://cwe.mitre.org/data/definitions/259.html
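As an added illustration of the approach the answer describes (moving the credentials out of the source), here is a small Java class that reads the JDBC URL, user and password from environment variables at runtime and refuses to start if any of them is missing. This is example code written for this page, not code from the question or from Veracode; the variable names `DB_URL`, `DB_USER` and `DB_PASSWORD` are assumptions, and the same pattern works with a properties file kept outside the deployed artifact or with a secrets manager.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class DbConfig {
    // Environment variable names are an assumption for this example; pick your own.
    private static final String URL_VAR = "DB_URL";
    private static final String USER_VAR = "DB_USER";
    private static final String PASSWORD_VAR = "DB_PASSWORD";

    /**
     * Reads one required setting from the environment.
     * There is deliberately no hard-coded default: a missing secret is a
     * deployment error, and a fallback literal would reintroduce CWE-259.
     */
    static String required(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing required environment variable: " + name);
        }
        return value;
    }

    /** Opens a connection using credentials supplied by the runtime, not the source. */
    public static Connection open() throws SQLException {
        String url = required(URL_VAR);
        String user = required(USER_VAR);
        String password = required(PASSWORD_VAR);
        return DriverManager.getConnection(url, user, password);
    }

    public static void main(String[] args) throws SQLException {
        try (Connection c = open()) {
            System.out.println("Connected: " + !c.isClosed());
        }
    }
}
```

Because the password never appears as a string literal in the class, a decompiler finds nothing to recover, and the scanner no longer sees a constant flowing into `getConnection`. Whatever store you choose (environment, external config file, vault), keep it readable only by the account that runs the application and out of version control.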