Open smtdfc opened 5 hours ago
Hi, thanks for informing me! This is the repository I've been using for my small website, and therefore it might contain several pieces of sensitive data. I'll consider hiding the password by moving to environment variables, and set this repo to private then.
[Security Issue] Database Password Exposed in Code
Hello,
I came across this repository and noticed a potential security issue. It appears that a database password is exposed in the following file(s):
/login/login.php (line 21)
/codesamples/artists.php (line 6)
/codesamples/artistproc.php (line 4)
/codesamples/billing.php (line 6)
/codesamples/discography.php (line 7)
/codesamples/inde.php (line 7)
/codesamples/new.php (line 7)
/codesamples/track.php (line 6)
/codesamples/upload.php (line 34)
Even though the password might be intended for a local environment, it is still crucial to avoid including sensitive information like this in a public repository. Exposing passwords can lead to unauthorized access if other parts of your environment are compromised, or if the same password is reused elsewhere.
Recommended Actions:
.env files).
git filter-branch.
For more information on securing sensitive data, you can refer to this guide: Removing sensitive data from a repository.
Thank you, and I hope this helps improve the security of your project.
Best regards,
smtdfc team
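
The move to environment variables discussed in this thread could look like the sketch below. It is an added example, not code from the issue or from the repository; the variable names DB_HOST, DB_NAME, DB_USER and DB_PASS, the helper names, and the use of MySQL through PDO are all assumptions.

```php
<?php
declare(strict_types=1);

// Constructed "before" pattern of the kind the issue reports (placeholder values):
//   $conn = new mysqli('localhost', 'app_user', 'PLACEHOLDER_PASSWORD', 'app_db');

/**
 * Read a required setting from the process environment.
 * Fails closed: a missing or empty value raises an error instead of
 * falling back to a default credential baked into the source.
 */
function require_env(string $name): string
{
    $value = getenv($name);
    if ($value === false || $value === '') {
        throw new RuntimeException("Missing required environment variable: {$name}");
    }
    return $value;
}

/**
 * Build the database connection from environment variables only
 * (hypothetical names: DB_HOST, DB_NAME, DB_USER, DB_PASS).
 */
function db_connect(): PDO
{
    $dsn = sprintf(
        'mysql:host=%s;dbname=%s;charset=utf8mb4',
        require_env('DB_HOST'),
        require_env('DB_NAME')
    );

    return new PDO($dsn, require_env('DB_USER'), require_env('DB_PASS'), [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

try {
    $db = db_connect();
} catch (Throwable $e) {
    // Log server-side only: PDO error messages can include the user name and host.
    error_log('DB setup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Service unavailable');
}
```

PHP does not read a .env file on its own, so the values have to be supplied by the web server or process manager configuration, or loaded by a dotenv library; the file itself belongs outside the web root and in .gitignore.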