22 lines
969 B
Plaintext
22 lines
969 B
Plaintext
=== on 8 Oct 2014, 07:14:42 Nicolas Peru wrote:
|
|
\[~freddy.mallet] Ok for this rule in java, to detect cases such as the noncompliant one. Should such rule also be extended to check some of the classical JEE xml configuration files (using the XML plugin then) ?
|
|
|
|
=== on 12 Oct 2014, 19:08:17 Freddy Mallet wrote:
|
|
@Ann I would make this rule also covering Findbugs rule DMI_CONSTANT_DB_PASSWORD. The title could then become :
|
|
|
|
|
|
"Databases should be password-protected and password should not be hardcoded"
|
|
|
|
=== on 14 Oct 2014, 14:32:18 Ann Campbell wrote:
|
|
\[~freddy.mallet] I had already defined RSPEC-2068 for that, and the reasonings are slightly different. Do you still want me to combine them?
|
|
|
|
=== on 14 Oct 2014, 21:08:15 Freddy Mallet wrote:
|
|
Ok fine [~ann.campbell.2]
|
|
|
|
=== on 16 Jan 2015, 08:56:12 Sébastien Gioria wrote:
|
|
Could be tag OWASP Top10. A6-Security Misconfiguration
|
|
|
|
=== on 19 Jan 2015, 08:45:26 Ann Campbell wrote:
|
|
Thanks [~sebastien.gioria], done!
|
|
|