docker-compose config should be secure by default

cachethq / Docker

A Dockerized version of Cachet.

https://cachethq.io

BSD 3-Clause "New" or "Revised" License

415 stars 280 forks source link

docker-compose config should be secure by default #337

Closed lrstanley closed 4 years ago

lrstanley commented 5 years ago

Currently, the docker compose configuration doesn't set APP_DEBUG=false, or APP_ENV=production. This means a user accessing even something as simple as a page that doesn't exist (404) will see all environment variables, including database credentials, and other sensitive information, due to the Symfony exception page.

djdefi commented 5 years ago

@lrstanley I totally agree. Would you like to submit a PR to update those to more secure defaults?