New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Potential Information Leakage #133
Comments
thank you,I will update it |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
In the settings'
__init__
function, it stores sensitive data including onedrive password, AWS key into a plaintext env file which is a potential security issue described in CWE-312.To Reproduce
Steps to reproduce the behavior:
Run the settings function.
Expected behavior
The password should stay in the memory or change the env file permission to only available to the user running the service.
The text was updated successfully, but these errors were encountered: