Conversation
| @@ -0,0 +1 @@ | |||
| API_token="122345fdfslkls" | |||
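Review bot: the added line commits a plaintext credential (`API_token="122345fdfslkls"`) to source control, which is exactly the CWE-798 hard-coded secret pattern Polaris flags below. Remove the literal from the file and have the application read the token at runtime from an environment variable, a secrets manager or a protected configuration store outside the repository; because the value has already been pushed, treat it as exposed and rotate it rather than only deleting the line in a follow-up commit.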
Auto-generated PR comment (Polaris)
Polaris SAST Issue - Hard-coded Secrets in Server-side Code
Low CWE-798
A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to.
How to fix
Sensitive information such as access credentials, passwords, and cryptographic keys should not be stored in the source code. Always store secrets outside the source code. When possible, keep them in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system.
One solution is to encrypt passwords within the properties file and store the key in a safe location. This is especially necessary if people other than the administrators have access to the properties file. Upon encryption, if different people need access to the properties file, access to the encryption key should be restricted. There are different options to implement such solutions depending on the deployment scenario. For example, on Windows you may consider using the Data Protection API (DPAPI or the newer DPAPI-NG).
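As an added example, not part of this PR or of the Polaris output, of the fix the comment describes: the token is resolved at runtime from an environment variable or a secrets file instead of a source literal, and a small detector flags added diff lines that assign a quoted secret, run here on a constructed copy of this PR's hunk. The variable names API_TOKEN and API_TOKEN_FILE, the keyword list and the minimum value length are assumptions for the example.

```python
import os
import re
from typing import Optional

# Matches added (+) diff lines that assign a quoted literal to a secret-looking name,
# e.g. API_token="122345fdfslkls". Keyword list and 8-char minimum are assumptions.
SECRET_ASSIGNMENT = re.compile(
    r"""^\+\s*(?P<name>[A-Za-z_][A-Za-z0-9_]*(?:token|secret|password|passwd|api_?key)[A-Za-z0-9_]*)"""
    r"""\s*[:=]\s*["'](?P<value>[^"']{8,})["']""",
    re.IGNORECASE,
)

# Constructed sample: the hunk from this PR as a unified diff.
SAMPLE_DIFF = """\
--- /dev/null
+++ b/config.env
@@ -0,0 +1 @@
+API_token="122345fdfslkls"
"""


def find_hardcoded_secrets(diff_text: str) -> list:
    """Return (diff_line_number, variable_name) for each added line assigning a literal secret."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), start=1):
        if line.startswith("+++"):  # new-file header, not an added content line
            continue
        match = SECRET_ASSIGNMENT.match(line)
        if match:
            findings.append((lineno, match.group("name")))
    return findings


def load_api_token(env: Optional[dict] = None) -> str:
    """Resolve the token at runtime instead of from source.

    Order: API_TOKEN in the environment, then the file named by API_TOKEN_FILE
    (the mounted-secret-file convention). Both names are hypothetical here.
    """
    env = os.environ if env is None else env
    if env.get("API_TOKEN"):
        return env["API_TOKEN"]
    path = env.get("API_TOKEN_FILE")
    if path:
        with open(path, encoding="utf-8") as fh:
            return fh.read().strip()
    raise RuntimeError("API token not configured: set API_TOKEN or API_TOKEN_FILE")


if __name__ == "__main__":
    print("hard-coded secrets in sample diff:", find_hardcoded_secrets(SAMPLE_DIFF))
```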
No description provided.