Missing authentication for database

Overview

• Rule ID: java_lang_missing_database_authentication

• Applicable Languages: Java

• Weakness ID: CWE-306

Description

Your database faces significant risk without proper authentication mechanisms. This vulnerability exposes it to unauthorized access and potential security breaches.

Remediation Guidelines

• Ensure your database server is configured with recommended authentication settings, including strong usernames and passwords.

• Implement a key management system to securely handle and store your passwords.

References

• OWASP Authentication Cheat Sheet

• CWE-306: Missing Authentication for Critical Function

• OWASP Top 10: A07:2021 - Identification and Authentication Failures

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL