Hardcoding an IP address into source code is a bad idea for several reasons:
- a recompile is required if the address changes
- it forces the same address to be used in every environment (dev, sys, qa, prod)
- it places the responsibility of setting the value to use in production on the shoulders of the developer
- it allows attackers to decompile the code and thereby discover a potentially sensitive address
Noncompliant Code Example
var (
    ip   = "127.0.0.1" // hardcoded: changing the address means a rebuild, and the literal ships in the binary
    port = 3333
)
SocketClient(ip, port)
Compliant Solution
config, err := ReadConfig("properties.ini") // address comes from deployment configuration, not the binary
if err != nil {
    return err
}
ip := config["ip"]
port := config["port"] // read the port key, not "ip" a second time
SocketClient(ip, port)
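As an added example (not SonarSource's code), the following reads the endpoint from a key=value properties file, lets environment variables (hypothetical names SOCKET_HOST and SOCKET_PORT) override it per deployment, and validates the result so a missing or malformed address fails at startup instead of silently connecting to the wrong place:

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// parseProperties reads "key=value" lines; blank lines and '#' comments are skipped.
func parseProperties(text string) map[string]string {
	props := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if k, v, ok := strings.Cut(line, "="); ok {
			props[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return props
}

// endpointFrom builds "host:port" from the properties; SOCKET_HOST / SOCKET_PORT
// (hypothetical env names) override the file so each environment sets its own
// address. Host must be an IP literal, port in 1..65535; JoinHostPort brackets IPv6.
func endpointFrom(props map[string]string, getenv func(string) string) (string, error) {
	pick := func(envKey, fileKey string) string {
		if v := getenv(envKey); v != "" {
			return v
		}
		return props[fileKey]
	}
	host := pick("SOCKET_HOST", "ip")
	if net.ParseIP(host) == nil {
		return "", fmt.Errorf("invalid or missing ip %q", host)
	}
	port, err := strconv.Atoi(pick("SOCKET_PORT", "port"))
	if err != nil || port < 1 || port > 65535 {
		return "", fmt.Errorf("invalid or missing port %q", pick("SOCKET_PORT", "port"))
	}
	return net.JoinHostPort(host, strconv.Itoa(port)), nil
}

// sampleINI stands in for properties.ini (constructed for this example).
const sampleINI = "# deployment-specific endpoint, kept out of the binary\nip = 10.0.0.5\nport = 3333\n"
```

In production, pass os.Getenv as the lookup and feed the result to the socket client; the lookup is injected here only so the resolution logic can be tested without touching the real environment.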
See