I am implementing a C++ server with a MariaDB backend. I have to access my database, and I do so using mariadbpp (its C++ connector). Though I can use mysql_config_editor and store the passwords in an (encrypted) .cnf file, mariadbpp's API needs a password. This is how I am using it:

mariadb::account_ref acc = mariadb::account::create("localhost", "order", "<password>", "Orders");

The database is configured to only be accessible from localhost. Is putting the password in a .cpp source file okay from a security perspective?

Anders
Hemil
  • Related: https://security.stackexchange.com/q/79717/165253 – forest Feb 23 '19 at 10:34
  • Note that storing the password in a const std::string at runtime is independent of hardcoding it in the program's source code. It's only the latter that's a bad idea. – Joseph Sible-Reinstate Monica Feb 23 '19 at 15:01
  • I am not sure I understand what you said, @JosephSible. Do you mean storing the password in a const std::string from a file (at run time) is the same as hardcoding it? Just the latter is a really bad idea because the hacker can analyze the binary and figure that out? – Hemil Feb 24 '19 at 05:54

1 Answer

Hardcoding of secrets is never a good idea.

Use a configuration file to read from. This way you will be able to swiftly change the password if required and prevent the password from leaking through version control or binary analysis.
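
One way to apply the configuration-file advice to the call from the question, as an added example that is not part of the answer or of mariadbpp. The helper name `load_db_password`, the `password=` key format and the path in the usage comment are assumptions, and the permission check relies on POSIX `fstat`.

```cpp
#include <sys/stat.h>
#include <cstdio>
#include <string>

// Hypothetical helper (not a mariadbpp API): reads "password=<value>" from a
// key=value file. Returns false if the file is missing, is not a regular
// file, is accessible to group/other, or has no non-empty password entry.
bool load_db_password(const std::string& path, std::string& out) {
    std::FILE* f = std::fopen(path.c_str(), "r");
    if (!f) return false;

    bool found = false;
    struct stat st{};
    // fstat() on the open handle, so the file we checked is the file we read.
    if (fstat(fileno(f), &st) == 0 && S_ISREG(st.st_mode) &&
        (st.st_mode & (S_IRWXG | S_IRWXO)) == 0) {
        const std::string key = "password=";
        char buf[512];
        while (std::fgets(buf, sizeof buf, f)) {
            std::string line(buf);
            while (!line.empty() &&
                   (line.back() == '\n' || line.back() == '\r'))
                line.pop_back();                      // strip line ending
            if (line.size() > key.size() &&
                line.compare(0, key.size(), key) == 0) {
                out = line.substr(key.size());
                found = true;
                break;
            }
        }
    }
    std::fclose(f);
    return found;
}

// Usage with the call from the question (the path is an assumed location,
// kept out of version control and set to mode 0600 for the service user):
//   std::string pw;
//   if (!load_db_password("/etc/orders/db.conf", pw)) {
//       /* log and exit; do not fall back to a built-in default */
//   }
//   mariadb::account_ref acc =
//       mariadb::account::create("localhost", "order", pw, "Orders");
```

Rejecting a file that group or other can access keeps the secret from being readable by every local account, which matters here because the database only accepts connections from localhost.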