mpyw / php-hyper-builtin-server

Reverse proxy for PHP built-in server which supports multiprocessing and TLS/SSL encryption
MIT License
106 stars, 10 forks

Private RSA key leak #17

Closed maverickvn360 closed 4 years ago

maverickvn360 commented 4 years ago

Hello there, I was searching for leaks using scanners and yours popped up..

I can't mention the location of the same.. But there's a key leak which can allow an attacker to get plaintext from a cipher text..

Please consider an alternative way of storing the key

Thanks

mpyw commented 4 years ago

The default key is only for local development. We don't treat it as secure.

antonkomarev commented 4 years ago

@Ajwani97 This server is designed to work for local development only. For a public web server, consider using nginx.

maverickvn360 commented 4 years ago

Thanks for the clarification.. 🙂