On scanning code using Checkmarx for security vulnerabilities, a privacy violation issue was reported pointing to a variable name.
public const string Authentication = "authentication";
I am using this variable to create a region in cache by this name ("authentication") which stores all the authentication-related details.
Is it right to change this variable name into some less meaningful name in order to fix the privacy violation issue? How is this a security threat?
Checkmarx is looking for variables with names like 'password', 'credentials', 'Authentication', etc., and when it sees that you are assigning them a value, it warns you that you might be storing sensitive information in the code (hardcoding it). In the case that you mentioned, it looks like a false positive because this is not sensitive information.
It's probably a false positive. You should see what the privacy violation rule looks for, and understand how it works...
You can also mark it as a false positive and move on... Change the status to not exploitable.
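A simplified sketch of the name-based heuristic the answers above describe, run over the constant from the question. This is an added example, not part of the original posts and not Checkmarx's actual rule: the keyword list, the `scan` and `triage` functions, and the sample lines other than the question's own constant are assumptions.

```python
import re

# Assumed keyword list, modelled on the names mentioned in the answer.
# Checkmarx's real query is not reproduced here.
SENSITIVE_NAME = re.compile(r"password|passwd|credential|secret|authentication", re.I)

# A C# declaration that assigns a string literal to an identifier.
ASSIGNMENT = re.compile(r'\b(?P<name>[A-Za-z_]\w*)\s*=\s*"(?P<value>[^"]*)"\s*;')

# Constructed sample: line 1 is the constant from the question,
# lines 2-3 are made-up declarations for contrast.
SAMPLE = '''public const string Authentication = "authentication";
private const string DbPassword = "S3cr3t-Pa55!";
public const string CacheTimeout = "300";
'''

def _norm(text):
    """Lowercase and drop punctuation so 'Auth_Key' and 'authkey' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def triage(name, value):
    """Reviewer aid, not a verdict.

    A literal that only repeats its identifier is usually a label or key
    (such as the cache region name in the question). A reviewer still
    confirms how the constant is used before marking it not exploitable.
    """
    if not value:
        return "empty-literal"
    if _norm(value) == _norm(name):
        return "value-mirrors-name"
    return "possible-hardcoded-secret"

def scan(source):
    """Flag string literals assigned to sensitive-looking identifiers."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = ASSIGNMENT.search(line)
        if m and SENSITIVE_NAME.search(m.group("name")):
            name, value = m.group("name"), m.group("value")
            findings.append({"line": lineno, "name": name,
                             "triage": triage(name, value)})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Both the question's constant and the constructed `DbPassword` line are flagged on name alone, which is why the first is a false positive that has to be settled by looking at the assigned value and its use.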