Skip to content

Database Password Security Check Doesn't Check All Possible URIs #8833

New issue
New issue
Open
#9078
Open
Database Password Security Check Doesn't Check All Possible URIs#8833
#9078
Labels
bounty:$10Bounty applies for fixing this issue (Parse Bounty Program)type:featureNew feature or improvement of existing feature
@sjmckee

Description

@sjmckee
sjmckee
opened on Dec 12, 2023

parse-server/src/Security/CheckGroups/CheckGroupDatabase.js

Line 18 in 2c2563e

const databaseUrl = databaseAdapter._uri;

Would it be beneficial to also look for config.databaseURI if a database adapter is not defined in the configuration object? I do not currently have a database adapter defined in my config (using Postgresql), and when I access the new /security endpoint, it informs me my password does not meet the minimum requirements. However, it does meet the minimum requirements specified in CheckGroupDatabase.js.

Here is an example that will fail the database password security check when only config.databaseURI is specified, but it should pass:

    export const config = {  
        databaseURI: 'postgres://mypostgresuser:q00A1qgxYNHzn2ID5XST@localhost:5432/parse'
        ...  
    }

Activity

parse-github-assistant

parse-github-assistant commented on Dec 12, 2023

@parse-github-assistant
parse-github-assistantbot
on Dec 12, 2023

Thanks for opening this issue!

mtrezza
added
type:featureNew feature or improvement of existing feature
bounty:$10Bounty applies for fixing this issue (Parse Bounty Program)
on Dec 13, 2023
userAdityaa

userAdityaa commented on Dec 14, 2023

@userAdityaa
userAdityaa
on Dec 14, 2023

Hello, I am new to contributing. Can you please give me some more explanation to this problem. It seems i can work on it.

pavan-dulam
mentioned this on Apr 11, 2024
pavan-dulam
linked a pull request that will close this issue on Apr 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    bounty:$10Bounty applies for fixing this issue (Parse Bounty Program)type:featureNew feature or improvement of existing feature

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @sjmckee@mtrezza@userAdityaa

      Issue actions
        Database Password Security Check Doesn't Check All Possible URIs · Issue #8833 · parse-community/parse-server