Secure Application Configuration and State Library

From OWASP
Revision as of 14:12, 25 July 2013 by Rahul Chaudhary


Introduction

new \PDO("mysql:dbname=pdo_mysql;host=localhost", "root", "myPassword");
In any application there are several lines, like the one given above, that contain extremely sensitive data that must not be seen. Nevertheless, they have to be in files and code for the application to work properly (in the above case, to create a successful connection to the DB). Such confidential data, if compromised, has the potential to end the lifetime of the application. Attackers can use the password for anything ranging from passive monitoring to actively deleting all the data. That's enough to bring a company down. For this reason, this sensitive data needs to be protected. The function of this library is to protect this data from being stolen.
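One common way to keep the password from the line above out of the source tree, shown as an added example that is not this library's code or API. It assumes a POSIX host; the file path, INI key names and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: loadDbConfig(), connect(), the INI keys and the path are assumptions.

/** Load DB settings from an INI file outside the web root; fail closed if it is exposed. */
function loadDbConfig(string $path): array
{
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        throw new RuntimeException('DB config file not found');
    }
    // Reject the file if any group/other permission bit is set (e.g. 0644, 0660).
    $mode = fileperms($real) & 0777;
    if (($mode & 0077) !== 0) {
        throw new RuntimeException(sprintf('DB config mode %04o is too permissive', $mode));
    }
    // RAW scanner: values such as "yes" or "null" are kept as literal strings.
    $cfg = parse_ini_file($real, false, INI_SCANNER_RAW);
    if ($cfg === false) {
        throw new RuntimeException('DB config file is not valid INI');
    }
    foreach (['host', 'dbname', 'user', 'password'] as $key) {
        if (!isset($cfg[$key]) || $cfg[$key] === '') {
            throw new RuntimeException("DB config is missing '$key'");
        }
    }
    return $cfg;
}

function connect(array $cfg): PDO
{
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $cfg['host'], $cfg['dbname']);
    return new PDO($dsn, $cfg['user'], $cfg['password'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

try {
    // Hypothetical location: outside the document root, mode 0600, owned by the PHP user.
    $pdo = connect(loadDbConfig('/etc/myapp/db.ini'));
} catch (Throwable $e) {
    // Log only the exception type so connection details stay out of logs and error pages.
    error_log('DB setup failed: ' . get_class($e));
    http_response_code(500);
    exit;
}
```

The secret still exists on disk, so this narrows who can read it without removing the need to protect the file itself.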

What is sensitive?

A sensitive piece of data is any data that, if known publicly, can aid unauthorized access or cause some kind of malfunction in the system. This data can range from "passwords" to "configuration files". Data such as version numbers, file locations, etc. can be harmful, so it can also be treated as sensitive. Overall, the term is very vague, and its meaning cannot be made clearer until a context is provided. Developers can therefore treat as sensitive any data that they feel no one else should know.