parse-server icon indicating copy to clipboard operation
parse-server copied to clipboard
verified publisher icon parse-community

Database Password Security Check Doesn't Check All Possible URIs

Open sjmckee opened this issue 2 years ago • 2 comments

https://github.com/parse-community/parse-server/blob/2c2563ebd2ac5255b387296a563a34157ec076f5/src/Security/CheckGroups/CheckGroupDatabase.js#L18

Would it be beneficial to also look for config.databaseURI if a database adapter is not defined in the configuration object? I do not currently have a database adapter defined in my config (using Postgresql), and when I access the new /security endpoint, it informs me my password does not meet the minimum requirements. However, it does meet the minimum requirements specified in CheckGroupDatabase.js.

Here is an example that will fail the database password security check when only config.databaseURI is specified, but it should pass:

    export const config = {  
        databaseURI: 'postgres://mypostgresuser:q00A1qgxYNHzn2ID5XST@localhost:5432/parse'
        ...  
    }

sjmckee avatar Dec 12 '23 20:12 sjmckee

Thanks for opening this issue!

parse-github-assistant[bot] avatar Dec 12 '23 20:12 parse-github-assistant[bot]

Hello, I am new to contributing. Can you please give me some more explanation to this problem. It seems i can work on it.

userAdityaa avatar Dec 14 '23 13:12 userAdityaa