An attacker could potentially decrypt this file to discover the password, particularly when the attacker has knowledge of the key and encryption scheme used by the program. Passwords should be protected even from system administrators and privileged users. Consequently, using encryption is only partly effective in mitigating password disclosure threats.
- Chapter 1. Security
- from Java™ Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
- Publisher: Addison-Wesley Professional
- Released: August 2013
using encryption is ONLY PARTLY EFFECTIVE in mitigating password disclosure threats