11 lines
734 B
Plaintext
11 lines
734 B
Plaintext
== Recommended Secure Coding Practices
|
|
|
|
Only administrators should have access to the MWS credentials used by your application.
|
|
|
|
As a consequence, MWS credentials should not be stored along with the application code as they would grant special privilege to anyone who has access to the application source code.
|
|
|
|
Credentials should be stored outside of the code in a file that is never committed to your application code repository.
|
|
|
|
If possible, a better alternative is to use your cloud provider's service for managing secrets. On AWS this service is called https://aws.amazon.com/fr/secrets-manager/[Secrets Manager].
|
|
|
|
When credentials are disclosed in the application code, consider them as compromised and revoke them immediately. |