如何处理 MVC 模型的密码字段属性的 Veracode 错误?
[英]How to handle Veracode error for MVC's Model's property for a password field?
问题描述
I have a model for login logic.
我有一个登录逻辑模型。 It contains a property called Password:它包含一个名为 Password 的属性:
[Required(ErrorMessage = " ")]
[DataType(DataType.Password)]
public string Password { get; set; }
When Veracode scans the model it produces the following error:当 Veracode 扫描模型时,它会产生以下错误:
CWE-316: Cleartext Storage of Sensitive Information in Memory
My view is generating the Password field as follows:我的观点是生成密码字段,如下所示:
@Html.EditorFor(x => x.Password}
Then, along the line in the model, I'm using the following Windows Authentication logic to check if the user is a windows user:然后,沿着模型中的线,我使用以下 Windows 身份验证逻辑来检查用户是否是 Windows 用户:
DirectoryEntry de = new DirectoryEntry("LDAP://" + System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName, username, password, AuthenticationTypes.Secure);
The above class' constructor requires password as a string.上述类的构造函数需要密码作为字符串。
What would be the best solution that could fix the Veracode problem and allows me to use the logic I already have?什么是可以解决 Veracode 问题并允许我使用已有逻辑的最佳解决方案?
1 个解决方案
解决方案1
0 2022-06-28 19:20:04
The solution was an easy one.解决方案很简单。 I just have to change the declaration Password to UserIdnt .我只需要将声明Password更改为UserIdnt 。
Now Veracode doesn't recognize it as a security threat and let it go现在Veracode不会将其视为安全威胁并放手
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.