Hardcoding an IP address into source code is a bad idea for several reasons:
- a recompile is required if the address changes
- it forces the same address to be used in every environment (dev, sys, qa, prod)
- it places the responsibility of setting the value to use in production on the shoulders of the developer
- it allows attackers to decompile the code and thereby discover a potentially sensitive address
Noncompliant Code Example
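import java.net.InetAddress
import java.net.ServerSocket
val ip = "127.0.0.1" // Noncompliant: the address is hardcoded
val socket = ServerSocket(6667, 50, InetAddress.getByName(ip)) // port, backlog, bind address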
Compliant Solution
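import java.net.InetAddress
import java.net.ServerSocket
val ip = System.getenv("myapplication.ip") // address supplied by the deployment environment
val socket = ServerSocket(6667, 50, InetAddress.getByName(ip)) // port, backlog, bind address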
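Moving the address into the environment means the value can be missing or malformed at startup (System.getenv returns null when the variable is unset). The following is an added example, not part of the original rule text, that fails fast in those cases and never resolves a hostname; parseIpv4, bindAddressFromEnv and openServer are hypothetical helper names, and only IPv4 literals are handled.

```kotlin
import java.net.InetAddress
import java.net.ServerSocket

// Parses a strict dotted-quad IPv4 literal; returns null for anything else,
// so a hostname in the variable can never trigger a DNS lookup at startup.
fun parseIpv4(text: String): InetAddress? {
    val parts = text.split('.')
    if (parts.size != 4) return null
    val octets = parts.map { p ->
        if (p.length !in 1..3 || !p.all { it in '0'..'9' }) return null
        p.toInt().takeIf { it <= 255 } ?: return null
    }
    return InetAddress.getByAddress(octets.map { it.toByte() }.toByteArray())
}

// Reads the bind address from the environment and rejects a missing or
// malformed value instead of silently falling back to a default address.
fun bindAddressFromEnv(
    name: String = "myapplication.ip",                        // variable name used on this page
    env: (String) -> String? = { key -> System.getenv(key) }  // injectable lookup (assumption, for testing)
): InetAddress {
    val raw = env(name)?.trim().orEmpty()
    require(raw.isNotEmpty()) { "environment variable $name is not set" }
    return requireNotNull(parseIpv4(raw)) { "$name does not contain an IPv4 literal" }
}

// Binds the listener to the configured address on the port used on this page.
fun openServer(): ServerSocket = ServerSocket(6667, 50, bindAddressFromEnv())

fun main() {
    // Constructed sample values standing in for the process environment.
    for (value in listOf("10.0.0.5", "", "db.internal", "10.0.0.256")) {
        val result = runCatching { bindAddressFromEnv(env = { value }) }
        println("'$value' -> ${result.getOrNull() ?: result.exceptionOrNull()?.message}")
    }
}
```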