hard-coded default passwords as parameters is a bad practice
Greetings,
I am a security researcher, who is looking for security smells in Puppet scripts.
I noticed instances of hard-coded passwords, which are against the best practices
recommended by Common Weakness Enumeration (CWE) [https://cwe.mitre.org/data/definitions/259.html] and also by other security practitioners.
I suggest use of undef to mitigate this smell. Feedback is welcome.
Greetings,
I am a security researcher, who is looking for security smells in Puppet scripts. I noticed instances of hard-coded passwords, which are against the best practices recommended by Common Weakness Enumeration (CWE) [https://cwe.mitre.org/data/definitions/259.html] and also by other security practitioners. I suggest use of undef to mitigate this smell. Feedback is welcome.