root
/
threadr.lostcave.ddnss.de
3
1
Fork 1
Code Issues 18 Pull Requests Projects Releases Wiki Activity

Change login data that may be leaked when this goes FOSS #6

New Issue
Closed
opened 2021-08-15 13:21:30 +02:00 by BodgeMaster · 3 comments
BodgeMaster commented 2021-08-15 13:21:30 +02:00
Collaborator

Change all login data that may be contained in this project’s history in case I haven’t changed it already. Also, move all login data outside of this project.

Change all login data that may be contained in this project’s history in case I haven’t changed it already. Also, move all login data outside of this project.
BodgeMaster added the
ToDo
Migration
Priority: URGENT
 labels 2021-08-15 13:21:55 +02:00
BodgeMaster self-assigned this 2021-08-18 18:23:25 +02:00
BodgeMaster commented 2021-08-18 18:23:54 +02:00
Poster
Collaborator

Going through all files and collecting all login data within the code now.

Going through all files and collecting all login data within the code now.
BodgeMaster commented 2021-08-18 20:21:45 +02:00
Poster
Collaborator

Found login data in:

/admin.php:
- MySQL 'webstuff'

/threadr/board/board.php
- MySQL 'webstuff'

/threadr/board/index.php
- MySQL 'webstuff'

/threadr/boards/index.php
- MySQL 'webstuff'

/threadr/login/redirect.php
- MySQL 'webstuff'

/threadr/profile/index.php
- MySQL 'webstuff'

/threadr/signup/verify-email/index.php
- MySQL 'webstuff'

/threadr/userhome/index.php
- MySQL 'webstuff'

/web.sql
- doesn’t contain clear login information but the test users with auth hashes

Summary: I expected worse.... This is not actually that bad.

Found login data in: /admin.php: - MySQL 'webstuff' /threadr/board/board.php - MySQL 'webstuff' /threadr/board/index.php - MySQL 'webstuff' /threadr/boards/index.php - MySQL 'webstuff' /threadr/login/redirect.php - MySQL 'webstuff' /threadr/profile/index.php - MySQL 'webstuff' /threadr/signup/verify-email/index.php - MySQL 'webstuff' /threadr/userhome/index.php - MySQL 'webstuff' /web.sql - doesn’t contain clear login information but the test users with auth hashes Summary: I expected worse.... This is not actually that bad.
BodgeMaster commented 2021-08-18 21:16:37 +02:00
Poster
Collaborator

Changed MySQL password for 'webstuff'

Changed MySQL password for 'webstuff'
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
reset
master
Labels
Clear labels   
#19

The ideal label to put on all the things that look kinda hack...   
Bad Style

Convention violations and just overall bad style   
Broken

A bug that compromises usability   
Bug

Unexpected behavior that doesn't compromise usability   
Migration

Issues related to moving ThreadR from its old home as the main page on LostCave to a new server and a new domain   
Network

Network issues that need to be addressed   
Priority: High

high priority   
Priority: Low

low priority   
Priority: Normal

normal priority   
Priority: URGENT

Do ASAP   
Suggestion

"No pressure, it's fine."   
ToDo

Does this really need an explanation?   
nofun

Nobody wants to deal with this.
No Label
#19
Bad Style
Broken
Bug
Migration
Network
Priority: High
Priority: Low
Priority: Normal
Priority: URGENT
Suggestion
ToDo
nofun
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
BodgeMaster
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: root/threadr.lostcave.ddnss.de#6
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?