Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • List of parameters:
      Default value : password, passwd, pwd, passphrase, java.naming.security.credentials
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

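      // Needs java.sql.Connection, java.sql.DriverManager and java.sql.SQLException
      Connection conn = null;
      try {
        // Credentials written as a literal inside the JDBC URL
        conn = DriverManager.getConnection("jdbc:mysql://localhost/test?" +
              "user=steve&password=blue"); // Sensitive
        // Credentials held in hard-coded string variables
        String uname = "steve";
        String password = "blue";
        conn = DriverManager.getConnection("jdbc:mysql://localhost/test?" +
              "user=" + uname + "&password=" + password); // Sensitive

        // Hard-coded password passed to an authentication object
        java.net.PasswordAuthentication pa = new java.net.PasswordAuthentication("userName", "1234".toCharArray());  // Sensitive
      } catch (SQLException e) {
        throw new IllegalStateException("Database connection failed", e);
      }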
      

      Compliant Solution

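      // Needs java.sql.Connection, java.sql.DriverManager and java.sql.SQLException
      Connection conn = null;
      try {
        // getEncryptedUser() and getEncryptedPass() are helpers not shown here;
        // the credentials come from outside the source code
        String uname = getEncryptedUser();
        String password = getEncryptedPass();
        conn = DriverManager.getConnection("jdbc:mysql://localhost/test?" +
              "user=" + uname + "&password=" + password);
      } catch (SQLException e) {
        throw new IllegalStateException("Database connection failed", e);
      }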
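
One way to keep the credentials out of the source entirely, as an added example that is not part of the original rule text: the class name `DbConnect` and the environment variable names `DB_USER` and `DB_PASSWORD` are assumptions, and the JDBC URL is the one used in the examples above.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

public class DbConnect {
  // Assumed variable names; they are set in the deployment environment, never in source.
  static final String USER_VAR = "DB_USER";
  static final String PASS_VAR = "DB_PASSWORD";

  // Reads a required setting and fails closed when it is missing or blank.
  static String requireEnv(String name) {
    String value = System.getenv(name);
    if (value == null || value.trim().isEmpty()) {
      throw new IllegalStateException("Missing required environment variable " + name);
    }
    return value;
  }

  // Credentials travel in a Properties object, so the JDBC URL itself holds no secret.
  static Properties credentials() {
    Properties props = new Properties();
    props.setProperty("user", requireEnv(USER_VAR));
    props.setProperty("password", requireEnv(PASS_VAR));
    return props;
  }

  public static void main(String[] args) {
    String url = "jdbc:mysql://localhost/test"; // same database as the examples above
    // try-with-resources closes the connection even when a later call throws
    try (Connection conn = DriverManager.getConnection(url, credentials())) {
      System.out.println("Connected: " + conn.isValid(2));
    } catch (SQLException e) {
      // Report the failure without echoing the credentials
      System.err.println("Connection failed, SQLState=" + e.getSQLState());
    } catch (IllegalStateException e) {
      System.err.println(e.getMessage());
    }
  }
}
```

Nothing in this class matches the credential words in the rule's parameter list against a string literal, and the password no longer appears in a URL that could end up in logs or stack traces.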
      

            People

            Assignee: Unassigned
            Reporter: Ann Campbell (ann.campbell.2)