TabbyML / tabby

Self-hosted AI coding assistant
https://tabbyml.com
Other
21.78k stars 992 forks source link

Tabby save events by default. Security concern. #959

Open piti118 opened 11 months ago

piti118 commented 11 months ago

Describe the bug Tabby writes down events logs in data/events which includes the prompt.

image

This has some security concerns. Ex: If someone were to edit says .env file all those keys and password will be included in the prompt and saved in events(even if it's gitignored). This will become a treasure trove for hackers.

It should be turned off by default.

Information about your version 0.6.0

Information about your GPU Not Applicable.

Additional context Add any other context about the problem here.

katopz commented 11 months ago

Maybe tabby should respect .gitignore, .dockerignore,... and/or introduce .tabbyignore.