ID: ruby-security/rails-basic-auth
Language: Ruby
Severity: Info
Category: Security
CWE: 798
This rule advises against hardcoding basic authentication credentials directly in your Rails application. Hardcoded credentials pose a significant security risk: anything committed to source code can be exposed unintentionally (through the repository, logs, build artifacts or backups), which can lead to unauthorized access to sensitive data or systems.
It is important to adhere to this rule because it promotes good security practices. By avoiding hardcoded credentials, you reduce the potential for security breaches and keep your application's authentication mechanism robust, since the secret can be rotated without changing code.
To avoid violating this rule, keep your basic authentication credentials out of the source code and store them in a secure, encrypted store or in environment variables. For instance, instead of hardcoding the password directly in the http_basic_authenticate_with call, fetch it from an environment variable like this: http_basic_authenticate_with :name => "dhh", :password => ENV['SECRET_PASSWORD'], :except => :index. This way, the actual password is not present in the code and can be managed securely outside of the application.
# Non-compliant: the password is a string literal committed with the source.
class PostsController < ApplicationController
  http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index
end
# Compliant: the password is read from the environment at boot, not from the code.
class PostsController < ApplicationController
  http_basic_authenticate_with :name => "dhh", :password => ENV['SECRET_PASSWORD'], :except => :index
end
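As an added example (not code from the Datadog rule page or from Rails), the following Ruby script shows both halves of the advice above: a small checker that flags http_basic_authenticate_with calls whose :password argument is a string literal, which is the kind of pattern this rule reports, and a fail-fast loader for the ENV['SECRET_PASSWORD'] form, which raises at boot when the variable is missing instead of silently authenticating against nil. The function names, the regular expression and the sample controller sources are constructed for this example.

```ruby
# Added example; not part of the Datadog rule page or of Rails.
# Sample sources below are constructed for this example.

# Matches an http_basic_authenticate_with call that passes a string literal
# as :password, in either hash-rocket (:password => "x") or keyword
# (password: "x") form. ENV['...'] / ENV.fetch(...) arguments do not match.
PASSWORD_LITERAL = /
  http_basic_authenticate_with\b
  .*?
  (?::password\s*=>|password:)
  \s*
  (?:"[^"]*"|'[^']*')
/x

# Returns [line_number, line_text] pairs for every line in `source` that
# hardcodes the basic auth password as a string literal.
def find_hardcoded_basic_auth(source)
  source.each_line.with_index(1).filter_map do |line, number|
    [number, line.strip] if line.match?(PASSWORD_LITERAL)
  end
end

# Fail-fast variant of ENV['SECRET_PASSWORD']: a missing or blank secret
# raises when the controller class is loaded, rather than leaving the
# endpoint protected by nil or "". `env` is injectable for testing.
def basic_auth_password(env = ENV, key = 'SECRET_PASSWORD')
  value = env.fetch(key) { raise KeyError, "#{key} is not set" }
  raise ArgumentError, "#{key} is empty" if value.strip.empty?
  value
end

# Constructed samples mirroring the rule's non-compliant and compliant forms.
NON_COMPLIANT = <<~RUBY
  class PostsController < ApplicationController
    http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index
  end
RUBY

COMPLIANT = <<~RUBY
  class PostsController < ApplicationController
    http_basic_authenticate_with :name => "dhh", :password => ENV['SECRET_PASSWORD'], :except => :index
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  puts "non-compliant findings: #{find_hardcoded_basic_auth(NON_COMPLIANT).inspect}"
  puts "compliant findings:     #{find_hardcoded_basic_auth(COMPLIANT).inspect}"
  puts "loaded secret: #{basic_auth_password({ 'SECRET_PASSWORD' => 'from-env' })}"
end
```

The checker is line-based on purpose: a hardcoded password is almost always on the same line as the call, and a regular expression over each line is enough to catch the two common spellings without parsing Ruby. In a real controller the loader would be used as :password => basic_auth_password, so a misconfigured deployment fails at boot rather than serving requests with an unusable credential.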
For more information, please read the Code Security documentation