It may seem like a good idea to keep a password in the configuration file, as long as it's not in the code, because this method of storage seems very convenient, simple and secure. However, a substantial number of standards (such as PCI-DSS, HIPAA and SOX) have rules against this practice. Moreover, a password stored this way is in fact hard to maintain: it might be changed or locked, so the stored copy needs maintenance.
Additionally, if a hacker somehow manages to obtain a piece of the code, they will eventually get the hardcoded password. GitHub is one example of a medium where many software projects have hardcoded passwords stored in their configuration.
Although keeping any type of credentials in a configuration file is more secure than keeping them in the code, there is still a lot of room for improvement when the focus is on storing credentials securely.
<configuration>
  <appSettings>
    <add key="password" value="mPas$$W00rd" />
    <add key="secret" value="" />
  </appSettings>
</configuration>
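A pre-commit or CI check can catch entries like the one above before they reach a shared repository. The following is an added example, not code from the original page: the key-name pattern, the function names and the extra pageSize entry in the sample are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the appSettings block from the text, plus one ordinary
# setting (pageSize) added here to show a non-credential entry.
SAMPLE_CONFIG = """<configuration>
  <appSettings>
    <add key="password" value="mPas$$W00rd" />
    <add key="secret" value="" />
    <add key="pageSize" value="25" />
  </appSettings>
</configuration>"""

# Assumed naming heuristic for credential-like keys; tune it per code base.
CREDENTIAL_KEY = re.compile(r"pass(word|wd)?|pwd|secret|token|api[_-]?key", re.I)


def mask(value):
    """Keep the report itself free of the secret: show only its length."""
    return "*" * min(len(value), 8) + f" ({len(value)} chars)"


def find_hardcoded_credentials(xml_text):
    """Return (key, masked_value) for every appSettings entry whose key looks
    like a credential and whose value is a non-empty literal."""
    root = ET.fromstring(xml_text)
    findings = []
    for add in root.findall("./appSettings/add"):
        key = add.get("key", "")
        value = add.get("value", "")
        if not CREDENTIAL_KEY.search(key):
            continue  # ordinary setting such as pageSize
        if not value.strip():
            continue  # empty value: no secret is stored in the file
        findings.append((key, mask(value)))
    return findings


if __name__ == "__main__":
    for key, shown in find_hardcoded_credentials(SAMPLE_CONFIG):
        print(f"hardcoded credential in appSettings: key={key!r} value={shown}")
```

The check reports the password entry and skips the empty secret entry; the value is masked so the scan output does not become a second copy of the credential.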