Just wow! I wonder how many of these websites use a template service and just copy database connection code from, let's say... Q&A?
When you are dead, you won't even know that you are dead. It's a pain only felt by others.
Same thing when you are stupid.
modified 19-Nov-21 21:01pm.
|
|
|
|
|
Wow, that's really bad!
|
|
|
|
|
So this is how spammers are getting 'authenticated' email through the ole spam filters.
And don't get me started with exposing your database passwords on the internet.
if (Object.DividedByZero == true) { Universe.Implode(); }
|
|
|
|
|
Looks like something used in Node/React (based on a quick search as I've never heard of a .env file) similar to a web.config. I wonder if this is a problem with the technology or just a misconfigured webserver? Either way, look on the bright side, the developers appear to be using strong passwords!
"Go forth into the source" - Neal Morse
|
|
|
|
|
Well, you *can* use them in a Node project, if you go out of your way to do so. I think that Laravel (a PHP framework) uses them by default also. I suppose you could use them from any language or framework, if you really wanted to.
It mostly looks like people making the mistake of putting their db credentials in a file and then leaving the file in a place that lets the web server send it out to anyone who asks for it.
The whole thing seems a bit dumb since one of the reasons to store your production DB credentials in environment variables is so they won't be sitting in a file somewhere.
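The mistake described above, as an added example that is not part of the original post: a Python check that walks a web document root, finds dotenv files the server could hand out, and reports which credential-style keys they define without ever printing the values. The key-name pattern, the function names and the sample docroot are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Key names that usually hold credentials (assumed pattern, adjust as needed).
SECRET_KEY = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE)", re.I)
# File names treated as dotenv files: .env, .env.local, .env.production, ...
DOTENV_NAME = re.compile(r"^\.env(\..+)?$")

def parse_dotenv_keys(text):
    """Return the variable names defined in dotenv text (values are never kept)."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        name, value = line.split("=", 1)
        if value.strip().strip("'\""):  # skip empty placeholders
            keys.append(name.strip())
    return keys

def audit_docroot(docroot):
    """Find dotenv files under a web document root and list secret-bearing keys."""
    findings = []
    for folder, _dirs, files in os.walk(docroot):
        for fname in files:
            if not DOTENV_NAME.match(fname):
                continue
            path = os.path.join(folder, fname)
            with open(path, encoding="utf-8", errors="replace") as fh:
                keys = parse_dotenv_keys(fh.read())
            secrets = sorted(k for k in keys if SECRET_KEY.search(k))
            findings.append((os.path.relpath(path, docroot), secrets))
    return sorted(findings)

def demo():
    """Build a constructed docroot with one misplaced .env file and audit it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<h1>hello</h1>")
        with open(os.path.join(root, ".env"), "w") as fh:  # constructed sample
            fh.write("# constructed sample\nAPP_ENV=production\n"
                     "DB_HOST=127.0.0.1\nDB_PASSWORD='example-only'\nMAIL_TOKEN=\n")
        return audit_docroot(root)

if __name__ == "__main__":
    for rel, secrets in demo():
        print(f"{rel}: dotenv file inside docroot, secret keys: {secrets}")
```

Any finding means the file should move above the document root, or the values should move into real environment variables, and the credentials it held should be rotated.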
|
|
|
|
|
kmoorevs wrote: Either way, look on the bright side, the developers appear to be using strong passwords!
My favourite one is DB_PASSWORD=murder4513. Quite strong and definitely capital, so to speak, right?
|
|
|
|
|
Jacek Gajek wrote: My favourite one is DB_PASSWORD=murder4513
Reminds me of a Police tune...'Murder by Numbers'!
"Go forth into the source" - Neal Morse
|
|
|
|
|
I'm somewhat reminded of how you could search for Outlook PSTs on Google and it brought back instances where people were somehow sharing their entire Outlook email file with the rest of the world...
|
|
|
|
|
Wow. Since I am database illiterate, what is wrong here? That you can see the .env file from external or that the password is stored in there?
|
|
|
|
|
Rage wrote: That you can see the .env file from external or that the password is stored in there?
Both of them. In a normal situation you have two layers of security - first, the attacker has to access a private network and second - he needs to log in to a database. Here the second layer is gone. And if access to the DB is NOT restricted to a private network then... it's not good.
|
|
|
|
|
It was a struggle, but I got my two OpenMediaVault machines stood up and initially configured.
One is a media server and has six analog hard drives for a total of 11.5 terabytes. The second box is for network-wide backups and has four analog hard drives for a total of four terabytes. Before installing OMV, I had to take all my NTFS media drives, copy them to a temp drive, re-partition/format the media drive, and copy the media files back to the newly partitioned drive. This took THREE DAYS (probably because the temp drive was a USB drive).
The OMV struggles involved the motherboard BIOS settings. I fought those issues all day yesterday. Any distro I installed would boot fine, but OMV kept saying that all the drives failed the soft reset. I must have rebooted the machines 100 times in the process of getting it resolved.
I think I figured out what to do with my extra Raspberry Pi - using it as a network monitor. I haven't decided what software to use yet, but right now, Pandora FMS is looking pretty good (they even have a Pi image).
Tonight, I'll be configuring my HTPC box to get files from the OMV media server.
I also started writing a Linux migration article for like-minded individuals. It includes everything from minimal hardware specs to dealing with configuring OMV, and handy command line items so you don't have to go googling it like I had to.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
John Simmons / outlaw programmer wrote: 11.5 terabytes
That's ... a lot !
|
|
|
|
|
Wait till I start replacing the 2tb drives with 4tb drives.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
I've switched to using 8TB drives for my backups. The existing 2TB and 5TB drives are now the "live" drives holding my collections. I have a catalog search program I wrote myself that allows searching, selection and playing of any of the live media in most rooms in my house (I have a power-line network that goes everywhere).
I now have 40TB of live disks and 40TB of backup disks.
- I would love to change the world, but they won’t give me the source code.
|
|
|
|
|
Forogar wrote: I now have 40TB of live disks and 40TB of backup disks.
Holy crap on a cracker!
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Forogar wrote: 40TB of backup disks.
How do you have that set up?
Common sense is admitting there is cause and effect and that you can exert some control over what you understand.
|
|
|
|
|
I have two file servers with a couple of USB 3.0 hubs each. USB external drives plugged in and a big scheduled batch job to run Robocopy each night. Simples!
For some important files I backup copies to two or more locations.
- I would love to change the world, but they won’t give me the source code.
|
|
|
|
|
Forogar wrote: I have two file servers with a couple of USB 3.0 hubs each. USB external drives
The most reliable backup solution I've had was one I put together in a similar fashion. I've now owned a couple of 'NAS' devices, and been disappointed in their performance and features.
Common sense is admitting there is cause and effect and that you can exert some control over what you understand.
|
|
|
|
|
I looked at NASes and decided they weren't worth the money. They were upwards of $600 each for the number and capacity of drives I wanted and gave me really nothing more (that I needed) than a decent, powered USB 3.0 hub with 7 outbound connections for $14.99 each. The external drives were basically the same price as naked drives so... nothing to see here, move along!
Over the last 5 years I have been using this system I have lost 2 x 2TB and 2 x 1TB drives that I had to replace as they wear out. I haven't lost a single byte of data. File recovery is super easy.
- I would love to change the world, but they won’t give me the source code.
|
|
|
|
|
This is what it says on the openmediavault website:
Quote: It is a simple and easy to use out-of-the-box solution that will allow everyone to install and administrate a Network Attached Storage without deeper knowledge.
|
|
|
|
|
Yeah... right. It's not easy, nor intuitive.
I found out how to "make it go" simply by chance. None of the media drives were mounted by default. This seems kinda bizarre to me, given that it's a NAS setup. They refer to drives/partitions as "devices", but don't really mention that anywhere (that I found). Until the partitions are mounted, you can't create shares, which makes sense, but as I said before, they don't mention that partitions are called "devices" in their app, and you must select a "device" to share.
At this point, I have shares set up, but I don't yet know if it's enough, at least not until I try to get Kodi set up.
I am on an adventure of discovery, and so far, resisting the urge to go back to windows.
On a semi-related note, I still haven't GOTTEN wireless working on the older Acer laptops. I think I'm just gonna give up and get a USB wireless dongle and call it a day. I have to research the various dongle offerings and pick the one that presents the fewest problems in Linux.
In the process of trying to get that working, I installed Linux Mint Cinnamon on the laptops. I think I prefer that distro over Ubuntu because it's more Windows-like (and I suspect SWMBO will be happy about that).
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Luckily those USB dongles, e.g. from TPlink, cost next to nothing
|
|
|
|
|
Sorry if you've already mentioned this somewhere, but have you tried using ndiswrapper to use Windows drivers for the wireless networking on your Acer laptops? It's been a while since I've used ndiswrapper, but it helped me out a couple of times in the past when I had a laptop with an obscure wireless card that didn't normally work under Linux, but that had a Windows driver available.
|
|
|
|
|
It ain't that important to me. Besides, if I decide to change distros in the future, I'd probably have to do the ndiswrapper thing all over again, and I would prefer that all of this be really low impact. I'm essentially the laziest redneck you'll ever meet with regards to this kinda thing.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013