Security issue.
indyaah opened this issue · comments
As usual going through code (part of learning process) ended up looking into txt.txt which contains db connection string with credentials in it IN PLAIN STRING!!
You might want to look into that.
Thanks, are you talking about password=JGq4DVRwcZzU-hq10n4U_JeSv4aEG9SQ
The beauty of Spring of spring security is that it will generate a temporary password in dev mode if you don't assign on. txt.txt was a dump during dev (left in error) but all passwords are temporary (I believe).
If I'm missing something please let me know.
oh wow - ok thanks I'll take a look
Ok, I think what happened is that I took a dump of the startup to do some debugging and the db connection string was written out - nothing to do with spring security.
I'm not a dba so I just blew away the db and provisioned a new one and re entered the data.
Thanks for the heads up. I think it should all be sorted now. If not please let me know else I'll close the issue.