Passwords in `.properties` file - Githubissues

ewolff / microservice-kafka

Demo to show how Apache Kafka can be used for communication between microservices

Apache License 2.0

584 stars 302 forks source link

Passwords in `.properties` file #19

Closed akondasif closed 4 years ago

akondasif commented 4 years ago

Hi @ewolff ,

Our tool detected some instances of passwords in .properties file. Wanted to bring it to your attention:

https://github.com/ewolff/microservice-kafka/blob/918d5387daa7242f0b1a741c7d772142093a0ceb/microservice-kafka/microservice-kafka-invoicing/src/test/resources/application-test.properties#L4

and

https://github.com/ewolff/microservice-kafka/blob/918d5387daa7242f0b1a741c7d772142093a0ceb/microservice-kafka/microservice-kafka-invoicing/src/main/resources/application.properties#L13

and

https://github.com/ewolff/microservice-kafka/blob/918d5387daa7242f0b1a741c7d772142093a0ceb/microservice-kafka/microservice-kafka-order/src/test/resources/application-test.properties#L6

and

https://github.com/ewolff/microservice-kafka/blob/918d5387daa7242f0b1a741c7d772142093a0ceb/microservice-kafka/microservice-kafka-order/src/main/resources/application.properties#L11

and

https://github.com/ewolff/microservice-kafka/blob/918d5387daa7242f0b1a741c7d772142093a0ceb/microservice-kafka/microservice-kafka-shipping/src/test/resources/application-test.properties#L4

and

https://github.com/ewolff/microservice-kafka/blob/918d5387daa7242f0b1a741c7d772142093a0ceb/microservice-kafka/microservice-kafka-shipping/src/main/resources/application.properties#L13

ewolff commented 4 years ago

Actually that is even the default password for the official Postgres Docker image that I am using. I do see the point but this demo is a demo - no production code.