user3048261
Reputation: 21
Appscan Issues: Authentication.Credentials.Unprotected
Appscan Tool is reporting issues while using the following code segment in my application:
con=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe","system","oracle");
The issue is of type Authentication.Credentials.Unprotected.
Can someone suggest me the way to resolve these type of issues.
Upvotes: 2
Views: 2134
Answers (1)
Leonid Glanz
Reputation: 1261
Appscan is reporting the problem that your credentials are in plain text.
You should hide the credentials. One way is to read the credentials from a property file like this:
Properties props = new Properties();
props.load(new FileInputStream("credentials.txt"));
con = DriverManager.getConnection(props.getProperty("connectionUrl"),
props.getProperty("user"),
props.getProperty("password"));
The credentials.txt looks like that:
connectionUrl=jdbc:oracle:thin:@localhost:1521:xe
user=system
password=oracle
If that are your real credentials, then you should change them now.
If you want to be more secure, then you should also encrypt the credentials in the file and decrypt them before accessing the database.
I hope it helps. Have a nice day.
Upvotes: 1