@Castronova, it looks like 73328c5 and 57f7baa introduced security vulnerabilities with the inclusion of OAuth configuration data. We probably should prune these commits from the tree (this will be a pain) or, at the least, they should be removed and new OAuth configuration secrets be generated.
In the future, we should use a Docker `.env` file that is never added to this repo that contains this and any other sensitive data. See the compose docs for examples. Likewise, I see that the SSL certs are being accessed from a volume mount; we probably should move these to docker-compose secrets that are treated with more care and are always read only. See the compose docs on this subject for an example (I also included one below).
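A sketch of the layout the issue above proposes, as an added example that is not part of the original post or the project's repository. The service name, image, file paths and variable names are assumptions.

```yaml
# docker-compose.yml (added example; every name and path here is a placeholder)
services:
  web:
    image: example/web:latest          # placeholder image
    # Before: OAuth values hard-coded in a tracked file, certs exposed via a volume mount
    #   environment:
    #     OAUTH_CLIENT_SECRET: "<value committed to git>"
    #   volumes:
    #     - ./certs:/etc/ssl/app
    #
    # After: OAuth values come from an untracked .env file,
    # and the TLS material is delivered as compose secrets.
    env_file:
      - .env                           # holds OAUTH_CLIENT_ID / OAUTH_CLIENT_SECRET (assumed names)
    secrets:
      - ssl_cert                       # available at /run/secrets/ssl_cert
      - ssl_key                        # available at /run/secrets/ssl_key

secrets:
  ssl_cert:
    file: ./secrets/fullchain.pem      # kept outside version control
  ssl_key:
    file: ./secrets/privkey.pem        # kept outside version control
```

Both `.env` and `secrets/` need entries in `.gitignore`, and the web server inside the container has to be pointed at the `/run/secrets/` paths instead of the old volume path.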