Click here to Skip to main content
15,443,631 members
Please Sign up or sign in to vote.
1.00/5 (2 votes)
See more:
I have a parameter with name string password
While scan using checkmarx the password keyword is found as heapInspection in
could you please suggest how to fix this

What I have tried:

SecureString password=new SecurePassword();

foreac(char c in ConfigPassword)
{
password.Add(c);
}
password.Dipose();

but the actual password is not getting is i use this?
Could you please sugegst better approach for this issue
Posted
Updated 4-Mar-21 23:51pm
Comments
Chris Copeland 5-Mar-21 5:02am    
May I ask why you think this would be necessary? In theory an ASP.NET server would be running on a non-client machine, probably a server somewhere within the infrastructure of the business. Your application code shouldn't be exposed to users, only to administrators maintaining the software, who would probably have access to the password stored in a configuration file?

1 solution

If the password is actually encrypted, you can mitigate the reported item by pointing that out.

You can probably skirt that reported issue entirely by calling it something other than "password". We use "TheP" to avoid problems from a similar scanning tool.
 
Share this answer
 
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900