Security Username and Password cc4m_logo_inline

TitleDo not use hard-coded values for Username and Password.
Severity level3
DescriptionDo not use hard-coded values for the properties Username and Password, instead obtain these via a user input action or read them from a (secured) file.
RationaleFor security reasons, it is discouraged to use hard-coded username and password since this way they can be easily shared with others accidentally.



creds = Credentials('Username', 'John', 'Password', 'secret');
weboptions("Username", "John", "Password", "secret");

Instead use:


% Ask the user to provide a username and password, for example using a dialog or prompt:
[username, password] = showLoginDialog();

creds = Credentials('Username', username, 'Password', password);
weboptions("Username", username, "Password", password);

Note: This is just one example of how to obtain credentials without hardcoding them. Ask your IT department for the available options.