代码扫描以进行漏洞测试. < Pre lang ＝"java"> abccontroller.java中的方法abcaccess()错误地处理了机密信息，这可能损害用户隐私并且通常是非法的. [英] Code scan for vulnerability test. <Pre lang="java">the method abcaccess() in abccontroller.java mishandles confidential information, which can compromise user privacy and is often illegal.</pre>

问题描述

如何解决Java中侵犯隐私的问题.

来源是:

How to Fix privacy violation issue in java .

Source is :

public void setPassword(String password) {
		this.password = password;
	}

它正在一种方法中使用:

finalJsonObj.put("userId"，user.getUserId());
finalJsonObj.put("userList"，userList);
返回finalJsonObj.toString();

虽然密码采用加密格式.但我不确定如何处理和解决此问题.

我尝试过的事情:

我尝试使用char []代替String作为密码.
但是不能解决问题.

and it is being use in one method:

finalJsonObj.put("userId", user.getUserId());
finalJsonObj.put("userList", userList);
return finalJsonObj.toString();

Although password in in encryption format .I am not sure how to handle and fix this issue.

What I have tried:

I tried using char[] instead of String for password .
But not able to solve the issue .

推荐答案

将password变量声明为字符串并不一定意味着它在可读文本中.这意味着它可能具有字符串声明，但是输入的值可以是哈希，加密的字符串或其他任何值.最好的办法是检查您的代码/服务提供商的代码如何输入此变量.
如果您是编码员，请使用不可逆算法来加密/密码，以确保即使有人获得了该密码表示，他/她也无法轻松地对其进行解密

Having password variable being declared as a string does not necessarily mean it is in readable text. That means it might have string declaration but value being input can be a hash, encrypted string or anything. Best thing to do is check with your code/code of service provider on how this variable is being input.
If you are coder, encrypt/password using irreversible algorithms to ensure even if someone gets that password representation he/she cannot easily decrypt it

这篇关于代码扫描以进行漏洞测试. < Pre lang ＝"java"> abccontroller.java中的方法abcaccess()错误地处理了机密信息，这可能损害用户隐私并且通常是非法的.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！