Closed dominique-vassard closed 4 years ago
Sure, it would be nice. But if you come to think about it, who can really run that command? If that person has access to a running app’s shell, he can find those credentials in other places too, among many other and probably even more sensitive details, no?!
We can simply remove the auth creds when we display the info, to be pedantic, yes.
But honestly, I wouldn’t go further than that. Checking if the app runs in prod or ... env ¯_(ツ)_/¯
@dominique-vassard - I added a basic sanitization, in master. HTH?!
Nice! You're right, that's enough to have some security for unaware people who leave their session open for a few minutes. It's just to make things harder for the bad guys ;)
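The display-time sanitization discussed above, sketched as an added example; it is not the code committed to Bolt.Sips master. `ConfigRedactor`, its list of secret keys and the sample config (including the URL with embedded userinfo) are assumptions made for illustration.

```elixir
defmodule ConfigRedactor do
  @moduledoc "Hypothetical helper, not part of Bolt.Sips: masks credentials before a config is displayed."

  # :basic_auth is the option that carries username/password in a Bolt.Sips
  # config; the other keys are assumed extras worth masking as well.
  @secret_keys [:basic_auth, :password, :auth, :token]
  @mask "[REDACTED]"

  # Keyword lists and plain lists are walked recursively.
  def redact(config) when is_list(config) do
    if Keyword.keyword?(config) do
      Enum.map(config, &redact_pair/1)
    else
      Enum.map(config, &redact/1)
    end
  end

  # Plain maps are walked too; structs are returned untouched.
  def redact(config) when is_map(config) and not is_struct(config) do
    Map.new(config, &redact_pair/1)
  end

  def redact(other), do: other

  defp redact_pair({key, _value}) when key in @secret_keys, do: {key, @mask}
  defp redact_pair({:url, url}) when is_binary(url), do: {:url, strip_userinfo(url)}
  defp redact_pair({key, value}), do: {key, redact(value)}

  # Drops "user:password@" from scheme://user:password@host:port URLs.
  defp strip_userinfo(url) do
    Regex.replace(~r{^([a-z0-9+.-]+://)[^/@]*@}i, url, "\\1")
  end
end

# Constructed sample config, not taken from the issue.
config = [
  url: "bolt://neo4j:s3cret@localhost:7687",
  basic_auth: [username: "neo4j", password: "s3cret"],
  pool_size: 10,
  ssl: false
]

IO.inspect(ConfigRedactor.redact(config))
```

Masking only changes what is displayed; the credentials stay in the application environment, so anyone with shell access to the running app can still read them there.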
Environment
(bolt://, bolt+routing:// or neo4j://): bolt://

Current behavior
Today Bolt.Sips.info returns something like this:

Wouldn't it be nice to hide the credentials in it? At least when using a prod env? Just to add a bit of security. Do you think it is worthy or not?