Why You Shouldn’t Hard Code Your Passwords When Programming

When you are a programmer, there are a lot of rules that you have to remember. They can be confusing at times, but if you do not remember them you are putting the safety of your users at risk. And that is what it all comes down to. A lot of the rules that you will find when programming, especially if you are a web programmer, exist because of safety. You have an obligation to make sure that the users of your software do not fall victim to some bad guy on the internet who knows how to manipulate code.

When you are learning these rules, you learn that some are more important than others. While you want to try your best to follow all of them, you want to make sure that you follow the most important ones carefully. That is why you will hear about some programming security rules more than others. One of the main ones that you will hear is about not hard coding passwords and other credentials in your source code.

What is hard coding passwords?

Hard coding your password means that you have written it directly into the software, so it is part of the code itself. Sometimes it is unavoidable and you have to do it, but then you do it in a safe way. You make sure that it is somewhere that no one is able to get to it. But when you are creating a web app, there are very few places like this.

If you are making a web app and you have to use a password, then you encode it, salt it after that, and then put it in a database. If you look on the web, you will see that some people write JavaScript and put the password right in the code. Anyone is able to see that code. This means that you did not make the black hat hacker break into your back end; you just gave him a key. If you are going to code a password into a web app, then you have to put it in a part of the server that regular users cannot get to.
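As an added illustration (not code from the original article), here is a small JavaScript check that flags string literals assigned to, or compared against, credential-looking names in source that would be served to a browser. The patterns, the function name `findHardCodedSecrets` and the sample input are assumptions constructed for this example.

```javascript
// Added example, not from the original article. The name patterns are
// illustrative assumptions, not a complete secret-detection rule set.

// Identifier names that usually hold a credential.
const SECRET_NAME = /(pass(word|wd)?|pwd|secret|api[_-]?key|token)/i;

// name = "literal", name: "literal", or name === "literal" (any quote style).
const LITERAL_USE =
  /([A-Za-z_$][\w$.]*)\s*(?::|!?={1,3})\s*(["'`])((?:\\.|(?!\2).)*)\2/g;

// Values that are clearly not real credentials (empty, masks, placeholders).
const PLACEHOLDER = /^(|changeme|x+|\*+|<[^>]*>|\$\{[^}]*\})$/i;

// Returns one finding per suspicious literal. The literal itself is left out
// of the result on purpose so the report does not leak the credential again.
function findHardCodedSecrets(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    // Comment lines are scanned too: a commented-out password in a file sent
    // to the browser is just as readable as a live one.
    for (const match of text.matchAll(LITERAL_USE)) {
      const [, name, , value] = match;
      if (SECRET_NAME.test(name) && !PLACEHOLDER.test(value)) {
        findings.push({ line: index + 1, name });
      }
    }
  });
  return findings;
}

// Constructed sample of client-side code (all values are made up).
const SAMPLE = [
  'const apiBase = "https://example.test/api";',
  'const adminPassword = "Tr0ub4dor&3";',
  'if (form.pwd.value === "letmein") { unlock(); }',
  'const dbPassword = process.env.DB_PASSWORD;',
  'const config = { secret: "<set-in-vault>" };',
].join("\n");

for (const f of findHardCodedSecrets(SAMPLE)) {
  console.log(`line ${f.line}: literal value used with "${f.name}"`);
}
```

Lines 2 and 3 of the sample are reported. Line 4 is not, because the value is read from the server's environment at run time instead of being written into the source.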

A hard coded password in your web app is very dangerous. While there may be some exceptions, the best option is always to not do it.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.