Sensitive Data Exposure
Hardcoded Sensitive Information in JavaScript
Vulnerability: Hardcoded Sensitive Information
Vulnerable Code:
```javascript
const apiKey = "1234567890abcdef";
```
Reason for vulnerability: Sensitive information like API keys should not be hardcoded in the source code as it can be easily extracted.
Fixed Code:
```javascript
const apiKey = process.env.API_KEY;
```
Reason for fix: Using environment variables to store sensitive information keeps it out of the source code and limits its exposure.
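A check that a code review or CI job could run for the pattern above, as an added example that is not part of the original page: it flags string literals assigned to secret-looking names, including a literal fallback after `process.env`, which puts the hardcoded value back in the source. The name pattern, the `findHardcodedSecrets` and `redact` helpers, and every sample line other than the page's two snippets are assumptions made for illustration.

```javascript
// Added example: flags string literals assigned to secret-looking names.
// The name pattern and SAMPLE lines are constructed; tune both for real code.
const SECRET_NAME = /(api[_-]?key|secret|token|passw(or)?d)/i;

// name, then `=` or `:`, then an optional `<expr> ||` / `<expr> ??` fallback,
// then a quoted literal. Groups: 1 name, 2 fallback prefix, 3 quote, 4 value.
const ASSIGNMENT =
  /([A-Za-z_$][\w$]*)\s*[:=]\s*([^"'`;,]*?(?:\|\||\?\?)\s*)?(["'`])((?:\\.|(?!\3).)*)\3/g;

// Never echo the full value into scanner output or CI logs.
function redact(value) {
  return value.length <= 4 ? "****" : value.slice(0, 2) + "****" + value.slice(-2);
}

function findHardcodedSecrets(source) {
  const findings = [];
  source.split("\n").forEach((text, index) => {
    for (const [, name, fallback, , value] of text.matchAll(ASSIGNMENT)) {
      // Skip non-secret names and empty placeholders such as apiKey = "".
      if (!SECRET_NAME.test(name) || value.length === 0) continue;
      findings.push({
        line: index + 1,
        name,
        kind: fallback ? "literal fallback" : "literal",
        preview: redact(value),
      });
    }
  });
  return findings;
}

const SAMPLE = [
  'const apiKey = "1234567890abcdef";', // vulnerable line from the page
  "const apiKey = process.env.API_KEY;", // fixed line from the page
  'const dbPassword = process.env.DB_PASSWORD || "constructed-fallback";',
  'const client = { authToken: "constructed-sample-value" };',
  'const label = "API key settings";', // secret-like text, harmless name
].join("\n");

for (const f of findHardcodedSecrets(SAMPLE)) {
  console.log("line " + f.line + ": " + f.name + " (" + f.kind + ") " + f.preview);
}
```

The check works line by line, so a literal split across several lines is not matched.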