90
irby
4y

Looking at the database credentials for an application I’m working on.

Dev/QA password: yU$@1zmH91?
Prod password: app123

Comments
  • 2
    Reminds me of this: https://devrant.com/rants/2382155/

    But it was a test so I was safe lol
  • 0
    Switch the roles of the people who handled this
  • 4
    Why don't you add a firewall that can be accessed from specific IPs?
    I used to have my SSH pass 123 in DEV server but the server could be accessed only from my company's network.
  • 8
    @ColdFore Internal threats are a thing.
  • 3
    @Demolishun I am aware of that, but at least it is more secure than leaving port 22 in the open.
  • 2
    @gitpush
    Props for not fronting. 🙂 You could easily have played it off like, "Someone's been poking around my honey pot ::trollface::"
  • 2
    My guess, dev envs are handled by devs, prod by some manager that does not know security and who does not trust devs to dabble in prod ;)
  • 1
    @Voxera Right you are on that. "Look at the users, and you shall find your answer"
  • 1
    @SortOfTested 😂😂😂😂 next time 😝😝
  • 6
    Hey, you guys stole our prod password!
  • 0
    @ColdFore No it is not. Only if you can trust every node in the comp network it might be secure. I would rather have port 22 open with PKI auth only.
  • 0
    Wait wait wait, why are passwords in db not hashed at least?
  • 0
    @Mb3gr but they mean the password *to* access database

    lol, prod passwords are best