
Security and Operational Risks Due to Hardcoded Default Values in Configuration #472

Open
Nainterceptor opened this issue Mar 19, 2024 · 3 comments

Comments

@Nainterceptor

Hello,

First, thanks for your work.

I've noticed that your NestJS backend configurations for authentication and storage, specifically in the files auth.config.ts and storage.ts within the develop branch, utilize hardcoded default values. This practice introduces several potential risks and limitations that could affect the security of deployments.

Hardcoded defaults, especially for authentication configurations, can pose significant security risks. If a deployment leaves the default values in place, it could be easily exploited by malicious actors.

If you don't have time to solve this but agree with the point, we can submit a PR; just say if you have a preferred approach.

@tea-artist
Contributor

Thank you for your advice. It does have some potential risks; we're working on it.

@Nainterceptor
Author

👍 FYI, we're working on a simple Helm chart, where we're defining generated values in the chart directly.

@tea-artist
Contributor

That is awesome! I think we can do this together. You can submit a PR here.

Labels: None yet
Projects: None yet
Development: No branches or pull requests
2 participants