
User IDs and Passwords should not be Hardcoded

Rule description

  • Hardcoding sensitive information such as usernames, passwords, IP addresses, and encryption keys can expose it to hackers. Anyone with access to the executable files may decompile them and find the sensitive information. Leaking data protected by official regulations such as GDPR, SOX, or HIPAA can have severe legal consequences.
  • Visual Expert searches for hardcoded user IDs and passwords so that you can remove these security weaknesses.

Non-compliant Code Example

DBParm = "ConnectString = 'DSN=Sales;UID=dba@123;PWD=sql1$12'" // Non-compliant code (the password is hardcoded)
Transaction lnv_SQLCA // SQLCA is the default global Transaction object, so the local variable is declared with the Transaction type
lnv_SQLCA = Create Transaction
lnv_SQLCA.DBParm = "ConnectString = 'DSN=Sales;UID=dba;PWD=sql'" // Non-compliant code (the password is hardcoded)

Compliant Code Example

DBParm = "ConnectString = 'DSN=Sales;UID=" + txtuserId.Text + ";PWD=" + txtPassword.Text + "'" // Compliant code
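The difference between the two examples can be checked mechanically: a credential is hardcoded when a `UID=` or `PWD=` key is followed by a value inside the same string literal, and it is not when the literal ends right after the `=` and the value is concatenated in. The sketch below is an added example, not Visual Expert's implementation; the function name and the fourth sample line are assumptions made for illustration, and block comments (`/* */`) are not handled.

```python
import re

# Top-level tokens of a PowerScript line: a "..." literal, a '...' literal
# (~ is the escape character), or a // comment running to end of line.
TOKEN = re.compile(r'"(?:~.|[^"~])*"|\'(?:~.|[^\'~])*\'|//.*')
# UID= or PWD= followed by a non-empty value inside the same literal.
CRED = re.compile(r'\b(UID|PWD)\s*=\s*[^;\'"\s]+', re.IGNORECASE)


def find_hardcoded_credentials(source):
    """Return (line_number, key) for each UID/PWD value found in a literal.

    The value itself is deliberately not returned, so the report
    does not become a second copy of the secret.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for token in TOKEN.finditer(line):
            text = token.group(0)
            if text.startswith("//"):
                break  # the rest of the line is a comment
            for cred in CRED.finditer(text):
                findings.append((lineno, cred.group(1).upper()))
    return findings


# Lines 1-3 are this page's examples; line 4 is constructed for the demo
# to show that a connect string inside a comment is skipped.
SAMPLE = r'''DBParm="ConnectString = 'DSN=Sales;UID=dba@123;PWD=sql1$12'" //Non compliant code
lnv_SQLCA.DBParm="ConnectString = 'DSN=Sales;UID=dba;PWD=sql'" //Non compliant code
DBParm="ConnectString = 'DSN=Sales;UID=" + txtuserId.Text + ";PWD=" + txtPassword.Text + "'"//Compliant code
// legacy: DBParm="ConnectString = 'DSN=Sales;UID=old;PWD=old'"
'''

if __name__ == "__main__":
    for lineno, key in find_hardcoded_credentials(SAMPLE):
        print(f"line {lineno}: hardcoded {key} value in string literal")
```
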
Visual Expert 2020
 VEPBRULE4