A Fortify scan has raised an "Access Control LDAP" problem. Any idea how I can fix/solve it? The LDAP parameters are stored in a database, so to establish the connection we get the configuration using:

- DAO layer:

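// Uses javax.persistence.Query and java.util.List.
public Config getConfig() {
    Query query = this.entityManager.createQuery("FROM Configuration");
    // Run the query once; every getResultList() call executes it again.
    List<?> results = query.getResultList();
    if (results != null && !results.isEmpty()) {
        return (Config) results.get(0);
    }
    // No configuration row was found.
    return null;
}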

Solution

If you trust that your configuration store is safe, then you should hide or suppress this issue.

This should assume that the program is unable to write to the configuration store, and only the deployer administrator can do that.
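
Where the configuration store cannot be treated as trusted in that way, the stored LDAP values can be checked against deployment-time limits before they reach JNDI. The class below is an added example, not code from the question or the answer; `LdapConfigGuard`, its methods, the host allowlist and the allowed suffix are hypothetical, and it assumes Java 10 or later.

```java
import java.net.URI;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Set;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

/** Added example: checks LDAP settings loaded from the database before they reach JNDI. */
public final class LdapConfigGuard {
    // Assumption: both limits are fixed at deployment (file or environment), never read
    // from the database. Host names in the allowlist are expected in lower case.
    private final Set<String> allowedHosts;
    private final LdapName allowedSuffix;

    public LdapConfigGuard(Set<String> allowedHosts, String allowedSuffix) throws InvalidNameException {
        this.allowedHosts = Set.copyOf(allowedHosts);
        this.allowedSuffix = new LdapName(allowedSuffix);
    }

    /** Builds the JNDI environment from the stored URL, or throws if the URL fails a check. */
    public Hashtable<String, String> jndiEnv(String storedUrl) {
        URI uri = URI.create(storedUrl.trim()); // IllegalArgumentException on bad syntax
        String scheme = String.valueOf(uri.getScheme()).toLowerCase(Locale.ROOT);
        String host = String.valueOf(uri.getHost()).toLowerCase(Locale.ROOT);
        if (!scheme.equals("ldap") && !scheme.equals("ldaps")) {
            throw new IllegalArgumentException("unexpected scheme in stored LDAP URL");
        }
        if (!allowedHosts.contains(host) || uri.getUserInfo() != null) {
            throw new IllegalArgumentException("stored LDAP host is not on the allowlist");
        }
        // Rebuild the URL from the validated parts so any path, query or fragment is dropped.
        String url = scheme + "://" + host + (uri.getPort() > 0 ? ":" + uri.getPort() : "");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        return env;
    }

    /** Returns the parsed base DN only if it sits at or below the allowed suffix. */
    public LdapName baseDn(String storedBaseDn) throws InvalidNameException {
        LdapName dn = new LdapName(storedBaseDn); // throws on a malformed DN
        if (!dn.startsWith(allowedSuffix)) {
            throw new IllegalArgumentException("stored base DN is outside the allowed subtree");
        }
        return dn;
    }
}
```

With a constructed allowlist of `ldap.example.internal` and suffix `dc=example,dc=internal`, a stored base DN of `ou=people,dc=example,dc=internal` is accepted, while a row pointing at any other host or subtree is rejected before a connection is opened.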

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow