search

parse-community / parse-server

Parse Server for Node.js / Express
https://parseplatform.org
Apache License 2.0
20.95k stars 4.78k forks source link

Database Password Security Check Doesn't Check All Possible URIs #8833

Open sjmckee opened 11 months ago

sjmckee commented 11 months ago

https://github.com/parse-community/parse-server/blob/2c2563ebd2ac5255b387296a563a34157ec076f5/src/Security/CheckGroups/CheckGroupDatabase.js#L18

Would it be beneficial to also look for config.databaseURI if a database adapter is not defined in the configuration object? I do not currently have a database adapter defined in my config (using Postgresql), and when I access the new /security endpoint, it informs me my password does not meet the minimum requirements. However, it does meet the minimum requirements specified in CheckGroupDatabase.js.

Here is an example that will fail the database password security check when only config.databaseURI is specified, but it should pass:

    export const config = {  
        databaseURI: 'postgres://mypostgresuser:q00A1qgxYNHzn2ID5XST@localhost:5432/parse'
        ...  
    }
parse-github-assistant[bot] commented 11 months ago

Thanks for opening this issue!

userAdityaa commented 11 months ago

Hello, I am new to contributing. Can you please give me some more explanation to this problem. It seems i can work on it.