thanhcong2k7 / fuchsiaVN

Everything about fuchsia Media Group Website.

[Security Issue] Database Password Exposed in Code #1

Open smtdfc opened 5 hours ago

smtdfc commented 5 hours ago

[Security Issue] Database Password Exposed in Code

Hello,

I came across this repository and noticed a potential security issue. It appears that a database password is exposed in the following file(s):

Even though the password might be intended for a local environment, it is still crucial to avoid including sensitive information like this in a public repository. Exposing passwords can lead to unauthorized access if other parts of your environment are compromised, or if the same password is reused elsewhere.

Recommended Actions:

  1. Remove the exposed password: It would be best to remove the password from the codebase as soon as possible.
  2. Use environment variables: Consider storing your credentials in environment variables or configuration files that are not included in version control (e.g., .env files).
  3. Regenerate and update the password: After removing it from the codebase, updating the database password is recommended to ensure that the exposed one cannot be misused.
  4. Clean Git history: You may want to remove the exposed password from the commit history using tools like BFG Repo-Cleaner or git filter-branch.

For more information on securing sensitive data, you can refer to this guide: Removing sensitive data from a repository.

Thank you, and I hope this helps improve the security of your project.

Best regards,
smtdfc team
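A way to check a code base for the pattern this issue reports, before and after applying the recommended actions. This is an added example, not part of the issue or of the repository's code. The regular expressions, the function name `find_hardcoded_secrets` and the sample PHP config are all constructed for illustration.

```python
import re

# Credential-like name assigned a quoted literal, e.g.
#   $db_pass = "x";   'password' => 'x'   DB_PASSWORD: "x"
ASSIGN = re.compile(
    r"""\b[\w\-]*(?:pass(?:word|wd)?|pwd|secret)[\w\-]*   # credential-like name
        ['"\]]*\s*(?:=>|=|:)\s*                           # array-key close, then operator
        (?P<quote>['"])(?P<value>.+?)(?P=quote)           # quoted literal value
    """,
    re.IGNORECASE | re.VERBOSE,
)
# Password embedded in a database connection URI: scheme://user:password@host
URI = re.compile(
    r"\b(?:mysql|postgres(?:ql)?|mongodb(?:\+srv)?)://[^\s:/@]+:(?P<value>[^\s@/]+)@",
    re.IGNORECASE,
)
# Values that are references or templates rather than real secrets
PLACEHOLDER = re.compile(r"\$\{?\w+\}?|<[^>]*>|\{\{.*\}\}|%\w+%?")
PATTERNS = (("assignment", ASSIGN), ("connection-uri", URI))


def find_hardcoded_secrets(text):
    """Return [(line_number, kind)] for lines holding a literal credential.

    Only the location is reported, so the scanner output never repeats
    the secret itself.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS:
            values = (m.group("value") for m in pattern.finditer(line))
            if any(not PLACEHOLDER.fullmatch(v) for v in values):
                findings.append((lineno, kind))
    return findings


# Constructed sample config; the password is a dummy value.
SAMPLE = '''<?php
$db_host = "localhost";
$db_user = "site";
$db_pass = "example-not-a-real-password";
$dsn = "mysql://site:example-not-a-real-password@localhost/app";
$safe_pass = getenv("DB_PASS");
$template_pass = "${DB_PASS}";
'''

if __name__ == "__main__":
    for lineno, kind in find_hardcoded_secrets(SAMPLE):
        print(f"line {lineno}: hardcoded credential ({kind})")
```

Lines that read the value from the environment (`getenv`, `os.environ`) or hold a template reference are not flagged, which is the state the file should be in after recommended action 2. A clean scan of the working tree says nothing about earlier commits, so actions 3 and 4 still apply.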

thanhcong2k7 commented 4 hours ago

Hi, thanks for informing me! This is the repository I've been using for my small website, and therefore it might contain several pieces of sensitive data. I'll consider hiding the password by moving to environment variables, and then set this repo to private.