stormsam

Reputation: 189

Hard coded authentication for easier debugging

To make debugging easier, I hard-coded an authentication in my application, like:

User admin = new User("admin", "pw");
currentUser = admin;

I’m lazy and I don’t want to delete these lines every time I publish a new version, so I created a property file with a debug flag. When the flag is set to “true”, the application starts in debug mode without authentication; otherwise a login is shown.

But now I’m concerned about the fact that it’s very easy to get admin access. How would you solve that problem?

Kind regards, stormsam

Upvotes: 3

Views: 236

Answers (2)

sodik

Reputation: 4683

And what about putting the username & password inside the property file as well?

Upvotes: 0

Freiheit

Reputation: 8767

The solution to the problem is to not do that!

This can lead to several issues:

  • Too easy to get admin access, as you state
  • Incorrect application behaviour or bad debugging info. You might test and debug as admin, but surely your users are not admins!
  • It is another control path in and of itself that has to be planned around, coded and tested

A better solution might be to have a common admin login and password on your DEV systems, so that you can just automatically type that in or code it into your tests. A common login for a regular user would also be a good idea so you can readily test with that.

Depending on what kind of testing and debugging you are doing, can you write automated tests (perhaps with JUnit and Selenium) to test your application? You can also run the tests against an instance of your app in debugging mode. The test itself will take care of the mundane setup and login steps so you can focus on the thing that needs to be debugged.

Upvotes: 3
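A sketch of the approach in Freiheit's answer, added here as an example and not code from the question or either answer: the application keeps a single login path with no debug bypass, and a test logs in as both the shared DEV admin and a regular user. The class names, the user "alice" and the environment variables DEV_ADMIN_PW and DEV_USER_PW are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

// Added illustration: all class, method and variable names are hypothetical.
public class DevLoginExample {
    record User(String name, boolean admin) {}
    record Account(User user, byte[] passwordHash) {}

    // Stand-in for the application's real login path: one code path, no debug bypass.
    static class AuthService {
        private final Map<String, Account> accounts;
        AuthService(Map<String, Account> accounts) { this.accounts = accounts; }

        User login(String name, String password) throws Exception {
            Account a = accounts.get(name);
            // Digests are compared in constant time; unknown user and wrong password raise the same error.
            if (a == null || !MessageDigest.isEqual(a.passwordHash(), sha256(password)))
                throw new SecurityException("login failed");
            return a.user();
        }
    }

    // SHA-256 keeps the sample short; a real user store would use a password hash such as bcrypt or Argon2.
    static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    // Test credentials come from the DEV machine's environment, never from the shipped artifact.
    static String devSecret(String var) {
        String v = System.getenv(var);
        if (v == null || v.isEmpty()) throw new IllegalStateException(var + " is not set; refusing to run");
        return v;
    }

    public static void main(String[] args) throws Exception {
        String adminPw = devSecret("DEV_ADMIN_PW"), userPw = devSecret("DEV_USER_PW");
        // Constructed DEV user store, seeded with the shared DEV accounts.
        AuthService auth = new AuthService(Map.of(
            "admin", new Account(new User("admin", true), sha256(adminPw)),
            "alice", new Account(new User("alice", false), sha256(userPw))));

        // The test performs the mundane login step through the same path real users take.
        User admin = auth.login("admin", adminPw);
        User regular = auth.login("alice", userPw);
        if (!admin.admin() || regular.admin()) throw new AssertionError("role mix-up");
        System.out.println("logged in as " + admin.name() + " and " + regular.name());
    }
}
```

Because the credentials are read from the environment at test time, the published build contains neither a hard-coded admin user nor a flag that skips the login.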
