nylas / sync-engine

:incoming_envelope: IMAP/SMTP sync system with modern APIs
https://nylas.com/docs/platform
GNU Affero General Public License v3.0
3.5k stars 354 forks

Default MySQL root password insecure #441

Closed scottix closed 7 years ago

scottix commented 7 years ago

Problem: Security vulnerability. If MySQL is exposed, it is possible to log in with the insecure default password.

Expected: Initial install generates a random root password. Create a nylas user account that can only access specific databases.

pfista commented 7 years ago

Thanks for reporting this. As per our readme:

For the sake of simplicity and setup speed, the development VM does not include any authentication or permission. For developing with sensitive data, we encourage developers to add their own protection, such as only running Nylas on a local machine or behind a controlled firewall. Note that passwords and OAuth tokens are stored unencrypted in the local MySQL data store on disk. This is intentional, for the same reason as above.
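
The behaviour requested in the issue, sketched as an added example that is not part of the thread or of the sync-engine code base: a provisioning helper that draws random passwords from the kernel CSPRNG and emits SQL for a rotated root password plus a `nylas` account limited to named databases. The database name `db_placeholder`, the DML-only grant list, the localhost-only accounts and the MySQL 5.7.6+ `ALTER USER` syntax are assumptions.

```shell
#!/bin/sh
# Added example, not from the sync-engine repository.
# Assumptions: MySQL 5.7.6+ (ALTER USER), accounts bound to localhost,
# placeholder database names, application needs DML only.

gen_password() {
    # 24 bytes from /dev/urandom, hex-encoded: 48 characters, 192 bits,
    # and no characters that need escaping inside a quoted SQL string.
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

valid_ident() {
    # Accept only non-empty [A-Za-z0-9_] so nothing can break out of quoting.
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

build_sql() {
    # usage: build_sql ROOT_PW APP_USER APP_PW DB [DB...]
    root_pw=$1; app_user=$2; app_pw=$3; shift 3
    [ "$#" -gt 0 ] || return 1
    [ "$app_user" != root ] || return 1
    # Validate every value before printing anything, so a bad argument
    # never yields a half-written statement list.
    for v in "$root_pw" "$app_user" "$app_pw" "$@"; do
        valid_ident "$v" || return 1
    done
    printf "ALTER USER 'root'@'localhost' IDENTIFIED BY '%s';\n" "$root_pw"
    printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" \
        "$app_user" "$app_pw"
    for db in "$@"; do
        # Per-database grant: no global privileges, no GRANT OPTION.
        printf 'GRANT SELECT, INSERT, UPDATE, DELETE ON `%s`.* TO '"'%s'@'localhost';\n" \
            "$db" "$app_user"
    done
}

# Stand-alone use: ./provision.sh --emit db_placeholder
if [ "${1:-}" = "--emit" ]; then
    shift
    build_sql "$(gen_password)" nylas "$(gen_password)" "$@"
fi
```

The emitted statements contain the generated passwords, so the output belongs in a file created under `umask 077` or in a pipe, not in a shared log.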