Hi
Automated scan from Lictor flagged a pattern that looks like a database connection string with embedded credentials in your public source. I verified the pattern matches; I did not verify it's a live production DB.
- What I saw: a `postgres://` / `mysql://` / `mongodb://`-style URI with non-placeholder credentials.
- Why it might matter: if the DB is reachable from the internet and the password is real, anyone reading the repo has read/write access.
- What to check: the file the scan flagged. Reply here (or email Raffa@Lictor-AI.com) and I'll send path + line + redacted excerpt. If it's a test/sandbox/already-rotated, just say so and I'll close out.
Either way, thank you for the work you do on this repo.
- Raffa · Lictor (open-source, Apache 2.0)
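
For maintainers who want to reproduce this kind of finding locally, here is an added example (not part of the message above and not Lictor's own code) of a check that reports path, line and a redacted excerpt for connection URIs whose password is not a placeholder. The scheme list, the placeholder rules, the `scan` helper and the sample file contents are all assumptions constructed for illustration.

```python
import re

# Assumed rule set: the scanner's real patterns are not shown in the message.
# The password group is greedy so an unencoded "@" inside it stays redacted.
URI_RE = re.compile(
    r"\b(?P<scheme>postgres(?:ql)?|mysql|mongodb(?:\+srv)?)://"
    r"(?P<user>[^:@/\s'\"]+):(?P<password>[^/\s'\"]+)@(?P<host>[^/\s'\"?@]+)"
)
# Literal placeholders and template syntax (${VAR}, <password>, {{ x }}, %VAR%, ***).
PLACEHOLDERS = {"password", "passwd", "pass", "secret", "changeme", "example"}
TEMPLATE_RE = re.compile(r"^(\$\{?\w+\}?|<[^>]+>|\{\{.*\}\}|%\w+%|\*+|x+)$", re.I)


def is_placeholder(password):
    """True when the password field is a documented stand-in, not a secret."""
    return password.lower() in PLACEHOLDERS or bool(TEMPLATE_RE.match(password))


def scan(path, text):
    """Return findings as path + line + excerpt with the password removed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in URI_RE.finditer(line):
            if is_placeholder(m["password"]):
                continue
            excerpt = f"{m['scheme']}://{m['user']}:[REDACTED]@{m['host']}"
            findings.append({"path": path, "line": lineno, "excerpt": excerpt})
    return findings


# Constructed sample file contents; none of these credentials are real.
SAMPLE = "\n".join([
    'DATABASE_URL=postgres://app:${DB_PASSWORD}@db.example.internal:5432/app',
    'DEV_URL = "mysql://root:changeme@localhost/dev"',
    'MONGO = "mongodb://svc_report:Tr0ub4dor-3x@mongo.example.internal:27017/reports"',
    'DOCS = "postgresql://<user>:<password>@host/db"',
])

if __name__ == "__main__":
    for f in scan("config/settings.env", SAMPLE):
        print(f"{f['path']}:{f['line']}: {f['excerpt']}")
```

A hit only shows that the string is in the source; whether the database is reachable and the password still valid has to be checked separately, and a confirmed secret should be rotated rather than just deleted from the file.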