Security [SOLVED]: In XML, is value="[PASSWORD]" a hardcoded password?

Security [SOLVED]: In XML, is value="[PASSWORD]" a hardcoded password?

Home Forums Security Security [SOLVED]: In XML, is value="[PASSWORD]" a hardcoded password?

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #36328

    Anonymous

    QuestionQuestion

    I have searched but cannot find an answer to what should be a pretty simple question: Is the following a hardcoded password?

    <system-properties>
      <property name="javax.net.ssl.trustStorePassword" value="[PASSWORD]"
    </system-properties>
    

    The code also uses
    keystore-password=”[PASSWORD]”
    truststore-password=”[PASSWORD]”

    I am reviewing code for vulnerabilities, so I cannot rewrite the code.

    Thank you!

    #36329

    Anonymous

    Accepted AnswerAnswer

    XML itself doesn’t care whether a password is hardcoded or not, but clearly if you’re storing passwords unencrypted in an XML file, it’s a security risk, as it would be for any file format.

    Source: https://stackoverflow.com/questions/47877886/in-xml-is-value-password-a-hardcoded-password
    Author: kjhughes
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.