<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
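Storing a plaintext password in a configuration file allows anyone who can read the file to
access the password-protected resources. Configuration files are often readable by more people
and processes than intended (for example through source control, backups or deployment
artifacts), which makes this a common attack vector.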
</p>
</overview>
<recommendation>
<p>
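Passwords stored in configuration files should always be encrypted. Encryption only protects
the password if the decryption key is kept outside the configuration file and is readable only
by the account that needs it.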
</p>
</recommendation>
<references>
</references>
</qhelp>