
Confidential Information is stored in plain text in the DB

Open Breee opened this issue 1 year ago • 0 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Summary

It's simple, confidential stuff like

  • public.Account.providerAccessToken (the JWT token of a user) is stored in plain text
  • MAILER_SMTP_URL is stored in plain text which can contain credentials
  • MICROSOFT_CLIENT_SECRET is stored in plain text, which, if someone uses a privileged client for some reason, can wipe whole Azure accounts in the wrong hands.

There are probably more cases like this and I don't like it.

Why should this be worked on?

If passwords are in plain text, the security would be compromised by anyone having a glance at it. Simple.

Breee, Jun 12 '24 07:06
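
One way to mitigate what the issue above reports, as an added example that is not part of the issue or of Hoppscotch's own code: encrypt each secret with AES-256-GCM before it is written, binding the field name in as associated data so a ciphertext moved to another row is rejected. The function names, the `encv1` prefix and the sample values are assumptions; the key is assumed to come from a secret store outside the database.

```javascript
// Added example: field-level encryption for secrets such as MAILER_SMTP_URL.
// sealField/openField, the "encv1" prefix and all sample values are hypothetical.
const crypto = require("node:crypto");

const PREFIX = "encv1"; // marks a value as encrypted and versions the format

// Encrypt one value. The field name is authenticated as AAD, so the stored
// blob only decrypts under the field it was written for.
function sealField(key, fieldName, plaintext) {
  if (key.length !== 32) throw new Error("key must be 32 bytes");
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every write
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(fieldName, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const parts = [iv, cipher.getAuthTag(), ct].map((b) => b.toString("base64"));
  return [PREFIX, ...parts].join(":");
}

// Decrypt a stored value; throws on legacy plaintext, tampering or a wrong field.
function openField(key, fieldName, stored) {
  const parts = stored.split(":");
  if (parts.length !== 4 || parts[0] !== PREFIX) {
    throw new Error(`${fieldName}: stored value is not in encrypted form`);
  }
  const [iv, tag, ct] = parts.slice(1).map((p) => Buffer.from(p, "base64"));
  if (iv.length !== 12 || tag.length !== 16) throw new Error("malformed blob");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(Buffer.from(fieldName, "utf8"));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Constructed walk-through: what the DB row would hold and what is rejected.
function demo() {
  const key = crypto.randomBytes(32); // constructed; real key lives outside the DB
  const smtp = "smtps://mailer:s3cret@smtp.example.test:465"; // constructed
  const row = { name: "MAILER_SMTP_URL", value: sealField(key, "MAILER_SMTP_URL", smtp) };
  let swapRejected = false;
  try {
    openField(key, "MICROSOFT_CLIENT_SECRET", row.value); // blob copied to another field
  } catch {
    swapRejected = true;
  }
  return {
    leaks: row.value.includes("s3cret"),
    roundTrip: openField(key, row.name, row.value) === smtp,
    swapRejected,
  };
}
```

Rows written before such a change are still plaintext; `openField` refuses them instead of passing them through, which makes an incomplete migration visible.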