在方法中将密码存储为本地常量的安全隐患？

Question

I would like to educate myself on the subject of most common security anti-patterns.

Hypothetically speaking, what are the security risks of storing a password in the following way:

interface

type
  TFoo = class
   procedure DoSomething;
  end;

Implementation

procedure TFoo.DoSomething;
 const
   Password = 'Something';
begin 

end;

I know that the correct way would be to use a hashing algorithm to hash the password and save that value in an external file, however I'm really interested in how the password in the example is exposed to a malicious 3rd party.

Answer 1

The password will be visible by examining the data in the executable. Eg use a hex editor or even notepad.

Answer 2

I would like to educate myself...

In addition to egur's correct answer , to answer the unasked question whether any password-stored-in-source-solution would do:

As already explained, a constant String appears literally in the executable.

Alternative 1:

const
  PW0 = 'pas';
  PW1 = 'swo';
  PW2 = 'rd';
var
  PassWord: String;
...
initialization
  PassWord := PW0 + PW1 + PW2;

Result: 'Password' in executable.

Alternative 2:

const
  PW2 = 'rd';
  PW1 = 'swo';
  PW0 = 'pas';
var
  PassWord: String;
...
initialization
  PassWord := PW0 + PW1 + PW2;

Result: 'Password' in executable.

Alternative 3:

var
  PW2: String = 'rd';
  PW1: String = 'swo';
  PW0: String = 'pas';
  PassWord: String;

initialization
  PassWord := PW0 + PW1 + PW2;

Result: 'rd', 'swo' and 'pas' in executable.

Try around yourself some more. Open the executable in Notepad and see for yourself.

Besides, and needless to say, the above practices are no advice but have only complementary value to the question.