Thursday, April 3, 2008

Hard coding username and password

If you are thinking of hard coding a username and password, please don't do it. Here are some sane reasons not to:
  1. When the password expires, it has to be reset. If it is hard coded, someone has to search for where the elusive password has been coded. Add to this the fact that the password will be encrypted and hard coded, so they have to break the code to get to the password.
  2. Code is not the place to put your passwords. For example, I know of a very widely used business application which will work only with the vendor-provided software... so how secure is your application?
  3. Hard coded passwords can't be changed when employees change. So you never know...

OK, even after this, if you want to hard code the password, please make sure you comment your code properly.
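
One way to keep the username and password out of the code, so that an expired password or a departing employee means editing a file rather than the program. This is an added example, not from the original post; the variable names `APP_DB_USER` and `APP_DB_PASSWORD`, the `key=value` file format and the account `svc_report` are assumptions made for illustration.

```python
import os
import stat
import tempfile

class CredentialError(Exception):
    """Raised when no usable credentials can be found."""

def load_credentials(path, env=os.environ):
    """Return (username, password) from the environment, else from a key=value file."""
    # Hypothetical variable names; use whatever your deployment tooling sets.
    user, password = env.get("APP_DB_USER"), env.get("APP_DB_PASSWORD")
    if user and password:
        return user, password
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        raise CredentialError(f"no credentials in environment or at {path}") from None
    # Refuse a file that group or other users can read, write or execute.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise CredentialError(f"{path} must be owner-only (chmod 600)")
    values = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            key, sep, value = line.strip().partition("=")
            if sep and not key.startswith("#"):
                values[key.strip()] = value.strip()
    if "username" not in values or "password" not in values:
        raise CredentialError(f"{path} needs username= and password= lines")
    return values["username"], values["password"]

def demo():
    """Rotate a constructed password by rewriting the file; the code never changes."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.credentials")
        for pw in ("constructed-old-secret", "constructed-new-secret"):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(f"# constructed sample\nusername=svc_report\npassword={pw}\n")
            os.chmod(path, 0o600)
            results.append(load_credentials(path, env={}))
        os.chmod(path, 0o644)  # world-readable: the loader must reject it
        try:
            load_credentials(path, env={})
            results.append("accepted")
        except CredentialError:
            results.append("rejected")
    return results

if __name__ == "__main__":
    print(demo())
```

The permission check relies on POSIX file modes; on Windows the file's ACL would need to be checked instead.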
