TICS Coding Standard Viewer 
TIOBE Software Quality Framework
©TIOBE Software www.tiobe.com
 
TIOBE - Java Coding Standard

Rule: Security1
Checked automatically with code checker

Synopsis: Do not use hard-coded values for cryptographic operations
Language: Java
Severity Level: 3
Category: SecurityCodeGuidelines


Description:

Do not use hard-coded values for cryptographic operations. Please store keys outside of source code.

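import javax.crypto.spec.SecretKeySpec;

public class Foo {
    void good() {
        // Key bytes come from outside the source code. Properties is assumed to be
        // the application's own configuration class (not java.util.Properties).
        SecretKeySpec secretKeySpec = new SecretKeySpec(Properties.getKey(), "AES");
    }

    void bad() {
        // Violation: the key is a string literal compiled into the class file.
        SecretKeySpec secretKeySpec = new SecretKeySpec("my secret here".getBytes(), "AES");
    }
}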