Security and Operational Risks Due to Hardcoded Default Values in Configuration

Open pand-app opened this issue 1 year ago • 3 comments

Hello,

First, thanks for your job.

I've noticed that your NestJS backend configurations for authentication and storage, specifically in the files auth.config.ts and storage.ts within the develop branch, utilize hardcoded default values. This practice introduces several potential risks and limitations that could affect the security of deployments.

Hardcoded defaults, especially for authentication configurations, can pose significant security risks. If a deployment leaves the default values in place, it could be easily exploited by malicious actors.

If you don't have time to solve it, but agree about this fact, we can submit a PR; just say if you have a preferred approach.

pand-app avatar Mar 19 '24 22:03 pand-app
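To make the concern in this report concrete, here is an added example (not Teable's code, and not taken from auth.config.ts or storage.ts) contrasting a NestJS-style config loader that silently falls back to a hardcoded secret with one that refuses to start unless the operator supplies the value. The environment variable names (JWT_SECRET, SESSION_SECRET, JWT_EXPIRES_IN) and the sample environments are constructed for the illustration and are not the project's actual settings.

```typescript
// Added example, not Teable's code. Variable names below are hypothetical.
type Env = Record<string, string | undefined>;

interface AuthConfig {
  jwtSecret: string;
  sessionSecret: string;
  jwtExpiresIn: string; // a non-secret tunable; a default here is harmless
}

// Weak pattern: every secret has a fallback baked into the repository, so a
// deployment that never sets the variable runs with a value anyone can read.
const WEAK_DEFAULT_SECRET = 'changeme';

function loadAuthConfigWeak(env: Env): AuthConfig {
  return {
    jwtSecret: env.JWT_SECRET ?? WEAK_DEFAULT_SECRET,
    sessionSecret: env.SESSION_SECRET ?? WEAK_DEFAULT_SECRET,
    jwtExpiresIn: env.JWT_EXPIRES_IN ?? '20m',
  };
}

// Hardened pattern: secrets are mandatory, must not equal a known placeholder,
// and must meet a minimum length. Only non-secret tunables keep defaults.
const PLACEHOLDERS = new Set(['changeme', 'secret', 'password', 'default']);
const MIN_SECRET_LENGTH = 32;
const REQUIRED_SECRETS = ['JWT_SECRET', 'SESSION_SECRET'];

// Returns a list of problems; empty means the environment is acceptable.
function validateAuthEnv(env: Env): string[] {
  const problems: string[] = [];
  for (const name of REQUIRED_SECRETS) {
    const value = env[name];
    if (value === undefined || value.trim() === '') {
      problems.push(`${name} is not set; refusing to fall back to a built-in default`);
    } else if (PLACEHOLDERS.has(value.toLowerCase())) {
      problems.push(`${name} is set to a placeholder value`);
    } else if (value.length < MIN_SECRET_LENGTH) {
      problems.push(`${name} is shorter than ${MIN_SECRET_LENGTH} characters`);
    }
  }
  return problems;
}

class ConfigError extends Error {}

// Fails fast at startup instead of running with guessable credentials.
function loadAuthConfigStrict(env: Env): AuthConfig {
  const problems = validateAuthEnv(env);
  if (problems.length > 0) {
    throw new ConfigError(problems.join('; '));
  }
  return {
    jwtSecret: env.JWT_SECRET as string,
    sessionSecret: env.SESSION_SECRET as string,
    jwtExpiresIn: env.JWT_EXPIRES_IN ?? '20m',
  };
}

// Audit helper for an already-running deployment: which secrets are still at
// the weak default or a placeholder? Useful as a health check or CI gate.
function findWeakSecrets(cfg: AuthConfig): string[] {
  const weak: string[] = [];
  const entries: Array<[string, string]> = [
    ['jwtSecret', cfg.jwtSecret],
    ['sessionSecret', cfg.sessionSecret],
  ];
  for (const [key, value] of entries) {
    if (PLACEHOLDERS.has(value.toLowerCase()) || value.length < MIN_SECRET_LENGTH) {
      weak.push(key);
    }
  }
  return weak;
}

// Constructed sample environments (not real deployments).
const EMPTY_ENV: Env = {};
const GOOD_ENV: Env = {
  JWT_SECRET: '0123456789abcdef'.repeat(4),      // 64 chars, constructed
  SESSION_SECRET: 'fedcba9876543210'.repeat(4),  // 64 chars, constructed
};
```

Run against EMPTY_ENV, the weak loader happily returns `changeme` for both secrets, while the strict loader throws a ConfigError naming each missing variable; against GOOD_ENV both loaders succeed and findWeakSecrets reports nothing. The design point is that only the fail-fast loader turns a forgotten environment variable into a visible startup error rather than a silently exploitable deployment.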

Thank you for your advice. It does have some potential risks; we're working on it.

tea-artist avatar Mar 20 '24 11:03 tea-artist

👍 FYI, we're working on a simple helm chart, where we're defining generating values in the chart directly.

pand-app avatar Mar 20 '24 15:03 pand-app

That is awesome! I think we can do this together. You can submit a PR here.

tea-artist avatar Mar 21 '24 02:03 tea-artist