58 lines
1.4 KiB
Plaintext
58 lines
1.4 KiB
Plaintext
|
|
include::../../../shared_content/secrets/description.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../../../shared_content/secrets/rationale.adoc[]
|
|
|
|
=== What is the potential impact?
|
|
|
|
Below are some real-world scenarios that illustrate some impacts of an attacker
|
|
exploiting the secret.
|
|
|
|
:service_name: IBM Cloudant
|
|
:secret_type: service password
|
|
|
|
include::../../../shared_content/secrets/impact/data_compromise.adoc[]
|
|
|
|
include::../../../shared_content/secrets/impact/data_modification.adoc[]
|
|
|
|
include::../../../shared_content/secrets/impact/financial_loss.adoc[]
|
|
|
|
|
|
== How to fix it
|
|
|
|
include::../../../shared_content/secrets/fix/revoke.adoc[]
|
|
|
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
|
|
|
=== Code examples
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,java,diff-id=1,diff-type=noncompliant,subs="attributes"]
|
|
----
|
|
props.set("cloudant.username", "name");
|
|
props.set("cloudant.password", "10db3f279df241bad2a9692a6a412f80bf3cadba00ace324a1cf6f159f00d019"); // Noncompliant
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,java,diff-id=1,diff-type=compliant,subs="attributes"]
|
|
----
|
|
props.set("cloudant.username", System.getenv("CLOUDANT_USERNAME"));
|
|
props.set("cloudant.password", System.getenv("CLOUDANT_PASSWORD"));
|
|
----
|
|
|
|
//=== How does this work?
|
|
|
|
//=== Pitfalls
|
|
|
|
//=== Going the extra mile
|
|
|
|
== Resources
|
|
|
|
include::../../../shared_content/secrets/resources/standards.adoc[]
|
|
|
|
//=== Benchmarks
|