User IDs and Passwords should not be Hardcoded
Rule description
- Hardcoding sensitive information, such as usernames, passwords, IP addresses, and encryption keys, can expose it to hackers. Anyone with access to the executable files can decompile them and find the sensitive information. Leaking data protected by official regulations like GDPR, SOX, or HIPAA can have severe legal consequences.
- Visual Expert searches for hardcoded user IDs and passwords so that you can remove these security risks.
Non-compliant Code Example
DBParm="ConnectString = 'DSN=Sales;UID=dba@123;PWD=sql1$12'" //Non compliant code (The password is hard coded)
SQLCA lnv_SQLCA
lnv_SQLCA = Create SQLCA
lnv_SQLCA.DBParm="ConnectString = 'DSN=Sales;UID=dba;PWD=sql'" //Non compliant code (The password is hard coded)
Compliant Code Example
DBParm="ConnectString = 'DSN=Sales;UID=" + txtuserId.Text + ";PWD=" + txtPassword.Text + "'" // Compliant code
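The difference between the two forms above can be checked mechanically. The following is an added example, not Visual Expert's implementation and not code from the original page: a small Python scanner that flags `UID=`/`PWD=` keys whose value sits inside a string literal and ignores keys whose value is concatenated at run time. The function names are hypothetical, and it assumes double-quoted PowerScript literals and `//` comments, as in the samples on this page.

```python
import re

# UID= or PWD= followed by its value, read up to the next ';' or quote.
# Applied only to the contents of string literals, never to bare code.
CRED = re.compile(r"\b(UID|PWD)\s*=\s*([^;'\"]*)", re.IGNORECASE)

def code_part(line):
    """Return the line without its trailing // comment (// inside "..." is kept)."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif not in_string and line.startswith("//", i):
            return line[:i]
    return line

def string_literals(code):
    """Return the contents of each double-quoted literal on the line."""
    return code.split('"')[1::2]

def find_hardcoded_credentials(source):
    """Return [(line_number, key)] for every UID/PWD given as a literal value.

    A key at the very end of a literal (UID=" + variable) has an empty
    captured value and is treated as supplied at run time. The secret itself
    is not returned, so a scan report does not leak it a second time.
    """
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for literal in string_literals(code_part(line)):
            for match in CRED.finditer(literal):
                if match.group(2).strip():  # non-empty literal value
                    findings.append((number, match.group(1).upper()))
    return findings

# Constructed sample: the three DBParm assignments shown on this page.
SAMPLE = r'''DBParm="ConnectString = 'DSN=Sales;UID=dba@123;PWD=sql1$12'"
lnv_SQLCA.DBParm="ConnectString = 'DSN=Sales;UID=dba;PWD=sql'" // hard coded
DBParm="ConnectString = 'DSN=Sales;UID=" + txtuserId.Text + ";PWD=" + txtPassword.Text + "'"
'''

if __name__ == "__main__":
    for number, key in find_hardcoded_credentials(SAMPLE):
        print(f"line {number}: hardcoded {key} in connect string")
```
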