Manthan933 / Manthan

Online testing platform
http://www.manthan-app.org
MIT License

[SERIOUS] MongoDB URI committed to repo #152

Closed atulya2109 closed 3 years ago

atulya2109 commented 3 years ago

Describe the bug default.json under the config folder has the Mongo URI in the file, which is sensitive information. Sensitive information such as API tokens, and in this case a Mongo URI with the username and password of the database, should not be committed to a public repository. Instead of loading sensitive data this way, one should use a .env file and provide a sample .env for contributors.

To Reproduce Steps to reproduce the behavior:

  1. Go to config/default.json
  2. Copy the Mongo URI
  3. Paste it in MongoDB Compass
  4. See for yourself

Expected behavior Instead of loading sensitive data this way, one should use a .env file and provide a sample .env for contributors.

Screenshots [screenshot] Here is the database with all the users that have created their account

Additional context I will implement loading credentials from the .env file; meanwhile, whoever this MongoDB Atlas account belongs to should change their password.

atulya2109 commented 3 years ago

There are bots on GitHub that scan for sensitive information that has been committed to public repos so as to use it for their own purposes.

atulya2109 commented 3 years ago

Since loading of environment variables has already been implemented using config, I won't be re-implementing it with dotenv; rather, I will add config.json to .gitignore and add a sample config.json file.

aavishkarmishra commented 3 years ago

This was added because so many contributors were having issues with the mongo-uri for development. So I added a URI for development purposes.

atulya2109 commented 3 years ago

You can share it on Discord, I guess. If you share it this way it might get crawled by bots. Or there could be documentation on how they can set up a MongoDB server locally.
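The two points raised in this thread, that a committed config file should never carry a credentialed Mongo URI and that the application should take the URI from the environment rather than from a hard-coded default, can both be checked mechanically. The following is an added example written for this page; it is not Manthan project code and does not use the `config` package the project relies on. The config text it scans is constructed for the example (the host, user and password are invented), and the `MONGO_URI` variable name and the `resolveMongoUri` helper are assumptions chosen here. It reports credentialed URIs with the password redacted, and it refuses to fall back to a default URI that embeds a login, so a `mongodb://localhost` development default still works while a shared Atlas login committed to `config/default.json` is rejected.

```javascript
// Added example (not Manthan project code): find MongoDB URIs that embed
// credentials in config text, redact them, and resolve the URI the app
// should use from the environment instead of from a committed default.

// Matches mongodb:// and mongodb+srv:// URIs. Groups: 1 user, 2 password,
// 3 host list (may be comma separated), 4 database. Stops at whitespace and
// quotes so it can be run over JSON, diffs or log lines.
const MONGO_URI_RE =
  /\bmongodb(?:\+srv)?:\/\/(?:([^:@\/\s"']+)(?::([^@\/\s"']*))?@)?([^\/\s"'?]+)(?:\/([^?\s"']*))?(?:\?[^\s"']*)?/g;

// Parse a single URI into its parts. The password is only reported as
// present or absent; its value is never copied into the result.
function parseMongoUri(uri) {
  const m = new RegExp(MONGO_URI_RE.source).exec(uri);
  if (!m) return null;
  const [, user, pass, hosts, db] = m;
  return {
    uri,
    username: user || null,
    hasPassword: pass !== undefined && pass.length > 0,
    hosts: hosts.split(','),
    database: db || null,
    hasCredentials: Boolean(user),
  };
}

// Replace user:password with placeholders so a finding can be logged or
// pasted into an issue without leaking the secret. URIs without credentials
// are returned unchanged.
function redactMongoUri(uri) {
  return uri.replace(
    /^(mongodb(?:\+srv)?:\/\/)([^:@\/]+)(?::[^@\/]*)?@/,
    '$1<user>:<password>@'
  );
}

// Scan arbitrary text (a config file, a diff, a log) for Mongo URIs that
// embed credentials. Returns redacted findings only.
function findCredentialedMongoUris(text) {
  const findings = [];
  for (const m of text.matchAll(MONGO_URI_RE)) {
    const parsed = parseMongoUri(m[0]);
    if (parsed && parsed.hasCredentials) {
      findings.push({
        redacted: redactMongoUri(parsed.uri),
        username: parsed.username,
        hosts: parsed.hosts,
        hasPassword: parsed.hasPassword,
      });
    }
  }
  return findings;
}

// Resolve the URI the app should connect with. The MONGO_URI environment
// variable (assumed name) wins; a default from config is accepted only when
// it carries no credentials, so a local dev database works but a committed
// shared login is refused instead of silently used.
function resolveMongoUri(env, configDefault) {
  const fromEnv = env.MONGO_URI;
  if (fromEnv && fromEnv.trim() !== '') return fromEnv.trim();
  if (!configDefault) throw new Error('MONGO_URI is not set and config has no default');
  const parsed = parseMongoUri(configDefault);
  if (!parsed) throw new Error('config default is not a MongoDB URI');
  if (parsed.hasCredentials) {
    throw new Error(
      `refusing credentialed default ${redactMongoUri(configDefault)}; set MONGO_URI`
    );
  }
  return configDefault;
}

// Constructed sample of what a committed config/default.json with an Atlas
// login might look like. Host, user and password are invented.
const SAMPLE_CONFIG = JSON.stringify({
  port: 3000,
  mongoUri: 'mongodb+srv://appuser:s3cr3t-pass@cluster0.example.mongodb.net/manthan?retryWrites=true&w=majority',
  localUri: 'mongodb://localhost:27017/manthan',
});

for (const f of findCredentialedMongoUris(SAMPLE_CONFIG)) {
  console.log(`credentialed URI found: ${f.redacted} (user ${f.username})`);
}
console.log(resolveMongoUri({}, 'mongodb://localhost:27017/manthan'));
```

Run over the repository's config files (or `git diff --cached` output in a pre-commit hook), `findCredentialedMongoUris` flags exactly the kind of entry this issue is about, while the `localhost` URI that a contributor sets up locally passes. Because the scanner only ever returns the redacted form, its output can be attached to an issue without repeating the leak.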