On 13.05.22 17:23, Phil Endecott via Boost wrote:
> The aim should be "secure by default". Users are lazy. The particular danger in this case is that they do an initial test with the password in the source, and then move it somewhere secure later, but the password is still exposed in their revision control history. At this point in history, there is no excuse to repeat the mistakes that have led to really very serious security problems in the past. Make the default mechanism, and the first one that you describe in the docs, the most secure one.

Looking for credentials in a file on disk may be more secure than embedding the credentials in code, but it is most definitely the most secure mechanism. The most secure mechanism is to always ask the user at program start-up. Or better yet, ask each time a connection is created, and then immediately wipe the credentials from RAM in order to mitigate RAM scanning attacks.

--
Rainer Deyke (rainerd@eldwood.com)
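The prompt-per-connection and wipe-after-use approach from the reply above, as an added example that is not code from the thread or from the library under discussion. It assumes a POSIX system; `Secret`, `read_secret`, `connect_once` and the `connect` callback are hypothetical names.

```cpp
#include <cstddef>
#include <cstring>
#include <termios.h>
#include <unistd.h>

// Fixed-size holder: no heap reallocation can leave stray copies behind.
struct Secret {
    char buf[128] = {};
    std::size_t len = 0;
    Secret() = default;
    Secret(const Secret&) = delete;             // copying would duplicate the secret
    Secret& operator=(const Secret&) = delete;
    ~Secret() { wipe(); }
    void wipe() {                               // volatile writes so the compiler keeps them
        volatile char* p = buf;
        for (std::size_t i = 0; i < sizeof buf; ++i) p[i] = 0;
        len = 0;
    }
};

// Read one line from fd with unbuffered read(2), echo off if fd is a terminal.
// Returns false on empty or over-long input, leaving the holder wiped.
inline bool read_secret(int fd, Secret& s) {
    s.wipe();
    termios saved{};
    const bool tty = isatty(fd) && tcgetattr(fd, &saved) == 0;
    if (tty) {
        termios quiet = saved;
        quiet.c_lflag &= ~static_cast<tcflag_t>(ECHO);
        tcsetattr(fd, TCSAFLUSH, &quiet);
    }
    bool ok = true;
    char c = 0;
    while (read(fd, &c, 1) == 1 && c != '\n') {
        if (s.len == sizeof s.buf) { ok = false; break; }
        s.buf[s.len++] = c;
    }
    c = 0;
    if (tty) tcsetattr(fd, TCSAFLUSH, &saved);
    if (!ok || s.len == 0) { s.wipe(); return false; }
    return true;
}

// Ask for the password for this one connection, then wipe it immediately.
// `connect` is a placeholder callback taking (const char*, std::size_t).
template <class Connect>
bool connect_once(int fd, Secret& s, Connect connect) {
    const bool ok = read_secret(fd, s) && connect(s.buf, s.len);
    s.wipe();
    return ok;
}
```

The wipe only covers this buffer: any copy the `connect` callback makes, and anything the kernel or terminal layer retains, is outside its reach.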