
Cloudfoundry Password - Code vulnerability

Below is the Go code used from the client library to connect to Cloud Foundry.

c := &cfclient.Config{
    ApiAddress: "https://x.y.z.cloud",
    Username:     "admin",
    Password:     "admin",
}

client, _ := cfclient.NewClient(c)

This source code becomes vulnerable due to the readable password going into source control.

Currently, the app using the above code is running outside Cloud Foundry (PaaS).

AWS cloud (IaaS) introduced the concept called roles that allow access without credentials.


What is the best practice to avoid a visible password in source code? Does CredHub credential configuration help the client library connect in a secure way?

That's sample code in a README file, not the source code of a service. You could replace the hardcoded password with code to read an environment variable or command-line argument.
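The environment-variable approach from the answer above, as an added example that is not part of the original question or answer. The variable names CF_API, CF_USERNAME and CF_PASSWORD and the loadConfig helper are assumptions, and Config is a local stand-in for the three cfclient.Config fields shown in the question so the code builds without the client library.

```go
package main

import (
	"fmt"
	"log"
	"net/url"
	"os"
	"strings"
)

// Config is a local stand-in for the cfclient.Config fields used in the question.
type Config struct {
	ApiAddress, Username, Password string
}

// String redacts the password so a stray log line cannot leak it.
func (c Config) String() string {
	return fmt.Sprintf("api=%s user=%s password=[redacted]", c.ApiAddress, c.Username)
}

// loadConfig reads CF_API, CF_USERNAME, CF_PASSWORD (assumed names) via an os.LookupEnv-style func.
func loadConfig(lookup func(string) (string, bool)) (Config, error) {
	var missing []string
	get := func(key string) string {
		v, ok := lookup(key)
		if !ok || strings.TrimSpace(v) == "" {
			missing = append(missing, key)
		}
		return v
	}
	cfg := Config{ApiAddress: get("CF_API"), Username: get("CF_USERNAME"), Password: get("CF_PASSWORD")}
	if len(missing) > 0 {
		return Config{}, fmt.Errorf("missing environment variables: %s", strings.Join(missing, ", "))
	}
	// Refuse plain HTTP so the password is never sent unencrypted.
	u, err := url.Parse(cfg.ApiAddress)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return Config{}, fmt.Errorf("CF_API must be an https:// URL")
	}
	return cfg, nil
}

func main() {
	cfg, err := loadConfig(os.LookupEnv)
	if err != nil {
		log.Fatal("config error: ", err)
	}
	fmt.Println(cfg) // copy the three fields into cfclient.Config at this point
}
```

The program exits with an error naming the unset variables instead of falling back to a default credential, so nothing secret needs to live in the repository.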
