Synopsis: | Do not use hard coded values for cryptographic operations |
Language: | Java |
Severity Level: | 3 |
Category: | SecurityCodeGuidelines |
Description: |
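Do not use hard coded values for cryptographic operations. Please store keys outside of source code.

    import javax.crypto.spec.SecretKeySpec;

    public class Foo {
        void good() {
            // Key bytes are fetched at run time instead of being written in the source
            SecretKeySpec secretKeySpec = new SecretKeySpec(Properties.getKey(), "AES");
        }

        void bad() {
            // Key is a string literal, so it ships inside the compiled class and the repository
            SecretKeySpec secretKeySpec = new SecretKeySpec("my secret here".getBytes(), "AES");
        }
    } |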
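One way to fill in the `good()` case, as an added example that is not part of the original rule description: the key arrives as Base64 text in an environment-style map, is length-checked, and is then used for AES-GCM. The class name `ExternalKeyExample`, the variable name `APP_AES_KEY_B64`, the Base64 encoding and the choice of GCM are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;

public class ExternalKeyExample {
    // Assumed variable name; the deployment (secret manager, orchestrator) sets it.
    static final String KEY_VAR = "APP_AES_KEY_B64";
    /** Builds the AES key from externally supplied Base64 text, never from a literal. */
    static SecretKeySpec loadKey(Map<String, String> env) {
        String encoded = env.get(KEY_VAR);
        if (encoded == null || encoded.isEmpty()) {
            throw new IllegalStateException(KEY_VAR + " is not set");
        }
        byte[] raw = Base64.getDecoder().decode(encoded.trim());
        try {
            if (raw.length != 16 && raw.length != 24 && raw.length != 32) {
                throw new IllegalStateException("AES key must be 16, 24 or 32 bytes");
            }
            return new SecretKeySpec(raw, "AES"); // SecretKeySpec keeps its own copy
        } finally {
            Arrays.fill(raw, (byte) 0); // wipe the temporary buffer
        }
    }
    /** Encrypts with AES-GCM and returns IV || ciphertext || tag. */
    static byte[] encrypt(SecretKeySpec key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh nonce for every message
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for System.getenv(): a random key generated at run time.
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        String sample = Base64.getEncoder().encodeToString(gen.generateKey().getEncoded());
        SecretKeySpec key = loadKey(Map.of(KEY_VAR, sample));
        byte[] out = encrypt(key, "hello".getBytes(StandardCharsets.UTF_8));
        System.out.println("ciphertext bytes: " + out.length);
    }
}
```

In a deployed service, pass `System.getenv()` to `loadKey` so that a missing or malformed key fails at startup.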