52 lines
1.5 KiB
Plaintext
52 lines
1.5 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
== Recommended Secure Coding Practices
|
|
|
|
Do not enable debugging features on production servers.
|
|
|
|
The ``++DEBUG++`` and ``++DUMP++`` statements can expose sensitive information to attackers and should not be included in production code.
|
|
|
|
== Sensitive Code Example
|
|
|
|
[source,rpg]
|
|
----
|
|
H*-------------------------------------------------------------------------
|
|
H DATEDIT(*YMD) DEBUG(*YES)
|
|
H**************************************************************************
|
|
|
|
C SR990 BegSR
|
|
C 'CVTERR' DUMP DUMP for error
|
|
C Move *on *INLR
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,rpg]
|
|
----
|
|
H*-------------------------------------------------------------------------
|
|
H DATEDIT(*YMD)
|
|
H**************************************************************************
|
|
|
|
C SR990 BegSR
|
|
C Move *on *INLR
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|