
Sonar "Credentials should not be hard-coded" Error

Tags: java, sonarqube

In my application I have an ApplicationConstants.java class that serves for String constants used in the application. I have public static final String PASSWORD = "password" as one of the constants. Sonar throws an error for that, as below. Kindly let me know if there is a way to handle the same.

Sonar error: Description Assignee Resource New issue Credentials should not be hard-coded : Remove this hard-coded password. EnrollmentConstant.java false

n n asked Oct 21 '16 12:10


2 Answers

You should move the password to configuration.

Danil Gaponov answered Oct 20 '22 03:10


You should either extract it to a properties file. Here you can read how to do it.

You can also put it on the application server as a system property and expect it to be present on the production machine (a Wildfly server, for example), and then read it using System.getProperty(key). This complicates deployment a little bit, but the production password will not be present in the project.

If you use Spring, you can load the value into a bean using the @Value annotation. Here you can read how to do this.

T.G answered Oct 20 '22 04:10
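
The options from the answers above (a system property set on the server, or a properties file kept outside the project), combined in plain JDK code as an added example that is not from either answer. The names app.db.password, APP_DB_PASSWORD and app.config.file are assumptions made for the example, and the environment-variable lookup is an addition the answers do not mention.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Properties;

public final class SecretConfig {
    // Hypothetical names, chosen for this example only.
    static final String KEY = "app.db.password";       // system property and file key
    static final String ENV = "APP_DB_PASSWORD";       // environment variable
    static final String FILE_PROP = "app.config.file"; // path to an external .properties file

    private SecretConfig() {}

    /** Returns the secret as char[] so the caller can wipe it after use. */
    public static char[] loadPassword() {
        String value = System.getProperty(KEY);         // 1. property set on the server
        if (isBlank(value)) value = System.getenv(ENV); // 2. environment of the process
        if (isBlank(value)) value = fromFile(System.getProperty(FILE_PROP)); // 3. file outside the repo
        if (isBlank(value)) {
            // Fail closed: never fall back to a default baked into the code.
            throw new IllegalStateException("No password configured; set -D" + KEY
                    + ", " + ENV + " or -D" + FILE_PROP);
        }
        return value.toCharArray();
    }

    private static String fromFile(String path) {
        if (isBlank(path)) return null;
        Path file = Paths.get(path);
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(file)) {
            props.load(in);
        } catch (IOException e) {
            throw new IllegalStateException("Cannot read config file " + file, e);
        }
        return props.getProperty(KEY);
    }

    private static boolean isBlank(String s) { return s == null || s.trim().isEmpty(); }

    public static void main(String[] args) {
        System.setProperty(KEY, "constructed-sample-value"); // stands in for the server-side setting
        char[] pw = loadPassword();
        System.out.println("password loaded, length=" + pw.length); // never print the value itself
        Arrays.fill(pw, '\0'); // wipe after use
    }
}
```

A value passed as a -D argument on the java command line is visible in the host's process list, so on a shared machine the external file (readable only by the service account) or the server's own property configuration is the safer of the three sources.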