Sensitive information in source code - Credentials
Need
Protection of sensitive information in source code
Context
- Usage of Java for building cross-platform applications
- Usage of javax.servlet for building Java web applications with servlets
- Usage of javax.servlet.http for handling HTTP requests and responses in Java Servlets
Description
Non compliant code
import javax.servlet.*;
import javax.servlet.http.*;
public class LoginServlet extends HttpServlet {
private static final String USERNAME = "admin";
private static final String PASSWORD = "password123";
private static final String API_KEY = "1234567890abcdef";
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
if (USERNAME.equals(username) && PASSWORD.equals(password)) {
// User is authenticated
} else {
// User is not authenticated
}
}
}
This code represents a Servlet that handles user login. The Servlet is vulnerable because it contains sensitive information hardcoded in the source code. The USERNAME, PASSWORD, and API_KEY are stored as static final variables, which is a bad practice because anyone with access to the source code can see these values.
The doPost method retrieves the username and password from the HTTP request and compares them to the hardcoded USERNAME and PASSWORD. If they match, the user is authenticated. Otherwise, the user is not authenticated.
This is a serious security vulnerability because if an attacker gains access to the source code, they can easily retrieve these credentials and use them to gain unauthorized access to the system. In addition, if these credentials are used across multiple systems, the attacker could potentially gain access to all of them.
Steps
- Remove sensitive information from the source code
- Store sensitive information in a secure location
- Use environment variables or configuration files to store sensitive information
- Implement proper authentication and authorization mechanisms
- Encrypt sensitive information when storing or transmitting it
- Regularly update and rotate sensitive information, such as passwords and API keys
- Implement access controls to restrict access to sensitive information
- Regularly review and audit the codebase for any potential vulnerabilities
Compliant code
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
public class LoginServlet extends HttpServlet {
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
String USERNAME = System.getenv("USERNAME");
String PASSWORD = System.getenv("PASSWORD");
if (USERNAME.equals(username) && PASSWORD.equals(password)) {
// User is authenticated
} else {
// User is not authenticated
}
}
}
The updated code removes the hard-coded sensitive information (username, password) from the source code. Instead, it retrieves these values from environment variables.
Environment variables are a more secure way to handle sensitive information. They are stored outside the application and can be accessed only by the system or users with the correct permissions. This way, even if someone gains access to the source code, they won't be able to see the actual values of the sensitive data.
In a production environment, these environment variables would be securely set with the actual credentials.
Remember, it's crucial to ensure that these environment variables are properly secured. They should not be included in any version control systems or left in an insecure state on the production server.
Also, it's important to note that this is just one step towards securing your application. You should also consider implementing additional security measures such as proper authentication and authorization mechanisms, encrypting sensitive information when storing or transmitting it, regularly updating and rotating sensitive information, implementing access controls to restrict access to sensitive information, and regularly reviewing and auditing the codebase for any potential vulnerabilities.