2023-05-03 11:06:20 +02:00
|
|
|
== Why is this an issue?
|
|
|
|
|
|
2020-06-30 12:48:07 +02:00
|
|
|
include::../description.adoc[]
|
|
|
|
|
|
2023-05-03 11:06:20 +02:00
|
|
|
=== Noncompliant code example
|
2020-06-30 12:48:07 +02:00
|
|
|
|
2022-02-04 17:28:24 +01:00
|
|
|
[source,php]
|
2020-06-30 12:48:07 +02:00
|
|
|
----
|
2021-02-17 12:23:45 +01:00
|
|
|
// example of an empty password when connecting to a mysql database
|
|
|
|
|
$conn = new mysqli($servername, $username, "");
|
|
|
|
|
----
|
|
|
|
|
|
2023-05-03 11:06:20 +02:00
|
|
|
=== Compliant solution
|
2020-06-30 12:48:07 +02:00
|
|
|
|
2022-02-04 17:28:24 +01:00
|
|
|
[source,php]
|
2021-02-17 12:23:45 +01:00
|
|
|
----
|
|
|
|
|
// generate a secure password, set it to the username database, and store it in a environment variable for instance
|
|
|
|
|
$password = getenv('MYSQL_SECURE_PASSWORD');
|
|
|
|
|
// then connect to the database
|
|
|
|
|
$conn = new mysqli($servername, $username, $password);
|
2020-06-30 12:48:07 +02:00
|
|
|
----
|
|
|
|
|
|
|
|
|
|
include::../see.adoc[]
|
2021-06-02 20:44:38 +02:00
|
|
|
|
2021-06-03 09:05:38 +02:00
|
|
|
ifdef::env-github,rspecator-view[]
|
2021-09-20 15:38:42 +02:00
|
|
|
|
|
|
|
|
'''
|
|
|
|
|
== Implementation Specification
|
|
|
|
|
(visible only on this page)
|
|
|
|
|
|
|
|
|
|
include::../message.adoc[]
|
|
|
|
|
|
2021-06-08 15:52:13 +02:00
|
|
|
'''
|
2021-06-02 20:44:38 +02:00
|
|
|
== Comments And Links
|
|
|
|
|
(visible only on this page)
|
|
|
|
|
|
|
|
|
|
include::../comments-and-links.adoc[]
|
2021-06-03 09:05:38 +02:00
|
|
|
endif::env-github,rspecator-view[]
|
