Skip to content

🔒 Remove hardcoded database connection string #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
AnyTng wants to merge 1 commit into
base: main
Choose a base branch
from
Open

🔒 Remove hardcoded database connection string #42

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion backend/RESTful API/appsettings.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
},

"ConnectionStrings": {
"DefaultConnection": "Server=localhost,1433;Database=pds;User Id=sa;Password=AnyTngDocker123!;Encrypt=False;"
"DefaultConnection": ""

Copilot AI Apr 6, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting DefaultConnection to an empty string can lead to a less actionable failure mode: Program.cs uses this value directly for EF Core and Hangfire SQL Server storage, so if an env var/user secret isn’t provided, the app will start with an empty connection string and throw later. Prefer removing the key entirely (so it’s clearly missing) and/or adding an explicit startup validation that throws a clear exception when the connection string is null/empty.

Suggested change
"DefaultConnection": ""

Copilot uses AI. Check for mistakes.

Copilot AI Apr 6, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indentation for "DefaultConnection" is inconsistent with the surrounding 2-space indentation style used elsewhere in this JSON file; please align it to match the established formatting to avoid noisy diffs in future edits.

Suggested change
"DefaultConnection": ""
"DefaultConnection": ""

Copilot uses AI. Check for mistakes.
},
Comment on lines 12 to 16

Copilot AI Apr 6, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This config file still contains other hardcoded secrets (e.g., JwtSettings:Secret, Stripe SecretKey/WebhookSecret, and EmailSettings:Password). If the intent is to remove sensitive credentials from source control, these values should also be moved to environment variables/user-secrets (and the exposed secrets rotated), otherwise the repo remains a high-risk secret leak.

Copilot uses AI. Check for mistakes.


Expand Down