Default to a random SQL password in production #223
Comments
Fixes issue raised in #223, though by preventing outside database connections rather than randomizing the password. Note that leapchat.org never used docker-compose.yml and thus never exposed the database port to the outside.
Hi @gidoBOSSftw5731! Sorry to have confused you with the Docker-based instructions. They never fully worked and were never used at leapchat.org. I am replacing those instructions with the correct, secure, non-Docker-based instructions used in production and will post them tomorrow.
While that is better, I mainly wanted to use my own database because I already run a db instance on that machine with an overlapping port. Also, it's still unwise and insecure to trust that all access from localhost is secure, so this still doesn't really solve it. The main reason why I want to use the docker stuff at all is just because setting up postgrest sounds like kind of a pain and not something I'm thrilled to spend time installing.
I'm trying to run my own instance of this and it's quite concerning that not only is there an insecure default PSQL password, but there's no easy seeming way to use a different one. Even if all the messages on your server are encrypted, it's valuable to not have insecure access to your DB at all. Am I missing something obvious? Because this seems like a major oversight.