代码扫描以进行漏洞测试. < Pre lang ="java"> abccontroller.java中的方法abcaccess()错误地处理了机密信息,这可能损害用户隐私并且通常是非法的. [英] Code scan for vulnerability test. <Pre lang="java">the method abcaccess() in abccontroller.java mishandles confidential information, which can compromise user privacy and is often illegal.</pre>
问题描述
如何解决Java中侵犯隐私的问题.
来源是:
How to Fix privacy violation issue in java .
Source is :
public void setPassword(String password) {
this.password = password;
}
它正在一种方法中使用:
finalJsonObj.put("userId",user.getUserId());
finalJsonObj.put("userList",userList);
返回finalJsonObj.toString();
虽然密码采用加密格式.但我不确定如何处理和解决此问题.
我尝试过的事情:
我尝试使用char []代替String作为密码.
但是不能解决问题.
and it is being use in one method:
finalJsonObj.put("userId", user.getUserId());
finalJsonObj.put("userList", userList);
return finalJsonObj.toString();
Although password in in encryption format .I am not sure how to handle and fix this issue.
What I have tried:
I tried using char[] instead of String for password .
But not able to solve the issue .
推荐答案
将password变量声明为字符串并不一定意味着它在可读文本中.这意味着它可能具有字符串声明,但是输入的值可以是哈希,加密的字符串或其他任何值.最好的办法是检查您的代码/服务提供商的代码如何输入此变量.
如果您是编码员,请使用不可逆算法来加密/密码,以确保即使有人获得了该密码表示,他/她也无法轻松地对其进行解密
Having password variable being declared as a string does not necessarily mean it is in readable text. That means it might have string declaration but value being input can be a hash, encrypted string or anything. Best thing to do is check with your code/code of service provider on how this variable is being input.
If you are coder, encrypt/password using irreversible algorithms to ensure even if someone gets that password representation he/she cannot easily decrypt it
这篇关于代码扫描以进行漏洞测试. < Pre lang ="java"> abccontroller.java中的方法abcaccess()错误地处理了机密信息,这可能损害用户隐私并且通常是非法的.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!