Sensitive Data Exposure
Hardcoded Sensitive Information in JavaScript
Vulnerability: Hardcoded Sensitive Information
Vulnerable Code:
```javascript
const apiKey = "1234567890abcdef";
```
Reason for vulnerability: Sensitive information like API keys should not be hardcoded in the source code, as it can be easily extracted.
Fixed Code:
```javascript
const apiKey = process.env.API_KEY;
```
Reason for fix: Using environment variables to store sensitive information keeps it out of the source code and limits its exposure.
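A check that catches the vulnerable pattern and a loader that makes the fixed pattern fail fast, as an added example that is not part of the original page. The function names, the list of secret-looking identifier names and the 8-character threshold are assumptions to tune for your code base.

```javascript
// Added example (not from the original page). Names and thresholds are assumptions.
const SECRET_NAME = /(api[_-]?key|secret|token|passw(or)?d|credential)/i;
// identifier, then "=" or ":", then a quoted literal (", ' or `)
const ASSIGNMENT = /([A-Za-z_$][\w$]*)\s*[:=]\s*(["'`])((?:\\.|(?!\2).)*)\2/g;

// Return { line, name } for each secret-looking identifier assigned a string literal.
function findHardcodedSecrets(source, minLength = 8) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    for (const [, name, quote, value] of text.matchAll(ASSIGNMENT)) {
      if (!SECRET_NAME.test(name)) continue;                  // not a credential-like name
      if (value.length < minLength) continue;                 // "" or short placeholder
      if (quote === "`" && value.includes("${")) continue;    // assembled at runtime
      findings.push({ line: index + 1, name });               // never echo the value itself
    }
  });
  return findings;
}

// Read a secret from the environment and fail at startup if it is missing,
// instead of passing `undefined` to the API client later.
function requireEnv(name, env = process.env) {
  const value = env[name];
  if (typeof value !== "string" || value.trim() === "") {
    throw new Error(`Missing required environment variable: ${name}`);
  }
  return value;
}

// Constructed sample input: the page's two snippets plus edge cases.
const SAMPLE = [
  'const apiKey = "1234567890abcdef";',                  // flagged (line 1)
  "const apiKey = process.env.API_KEY;",                 // not a literal
  "const config = { authToken: 'abcdef0123456789' };",   // flagged (line 3)
  'const password = "";',                                // too short
  'const title = "Sensitive Data Exposure";',            // name is not secret-like
].join("\n");

console.log(findHardcodedSecrets(SAMPLE));
```

Run the scanner in a pre-commit hook or CI step so a literal key is rejected before it reaches the repository history.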