- In the console application, locate the App.config file. This is the file that contains the sensitive data.
- If you open the App.config file, you will see that the appSettings tag contains a key called Secret. This information should probably not be in the App.config file to begin with, because the file might be checked into your source control. Imagine that on GitHub.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework, Version=v4.6.1"/>
  </startup>
  <appSettings>
    <add key="name" value="Dirk"/>
    <add key="lastname" value="Strauss"/>
    <add key="Secret" value="letMeIn"/>
  </appSettings>
</configuration>
- To overcome this vulnerability, ...
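To catch an entry like the Secret key above before it reaches source control, the following added example (not code from the original page) parses an App.config and reports appSettings keys whose names suggest a secret. The key-name pattern and the names find_secret_keys and main are assumptions chosen for illustration; the sample input is the App.config shown above.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Assumed naming heuristic (not from the original page); extend it for your code base.
SUSPECT_KEY = re.compile(r"secret|passw(or)?d|pwd|token|api[_-]?key", re.IGNORECASE)

# Constructed sample input: the App.config shown above.
SAMPLE_APP_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework, Version=v4.6.1"/>
  </startup>
  <appSettings>
    <add key="name" value="Dirk"/>
    <add key="lastname" value="Strauss"/>
    <add key="Secret" value="letMeIn"/>
  </appSettings>
</configuration>"""


def find_secret_keys(config_xml):
    """Return the appSettings keys that look sensitive and carry a literal value."""
    # Parse bytes so the encoding declaration in the prolog is honoured.
    root = ET.fromstring(config_xml.encode("utf-8"))
    flagged = []
    for add in root.findall("./appSettings/add"):
        key = add.get("key", "")
        value = add.get("value", "")
        # An empty value is treated as a placeholder filled in at deploy time.
        if value.strip() and SUSPECT_KEY.search(key):
            flagged.append(key)
    return flagged


def main(paths):
    """Scan each path; return 1 if any file holds a suspect key, else 0."""
    status = 0
    for path in paths:
        with open(path, encoding="utf-8-sig") as handle:
            keys = find_secret_keys(handle.read())
        for key in keys:
            # Report the key name only, so the value never lands in CI logs.
            print(f"{path}: appSettings key '{key}' holds a literal value")
            status = 1
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it from a pre-commit hook or CI step with the config paths as arguments; a non-zero exit status blocks the commit.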