search

Security-Tools-Alliance / rengine-ng

reNgine-ng is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface.
GNU General Public License v3.0
19 stars 8 forks source link

feat(app): remove .env from index and create .env-dist #20

Open psyray opened 4 months ago

psyray commented 4 months ago

Is there an existing feature or issue for this?

Expected feature

We should remove .env from git index, and create a .env template called, for example, .env-dist

File is in the .gitignore but as the file is in the git index the ignore does not work.

By adding a file .env-dist, user can rename it to .env, change values and this does not trigger a git change

For more security we could also remove the default password and force user to set it with a strict minimal length and contained chars

Alternative solutions

No response

Anything else?

No response

ocervell commented 4 months ago

I usually use .env.example to make it clear what the user has to do.

psyray commented 4 months ago

The trick here is to remove from index without deleting the .env file when the user will pull the modification. Is it possible to do that ?

ocervell commented 4 months ago

Probably not... If the .env file has been user modified, it will fail to pull probably. Otherwise it will delete it.