Greetings,
We are researchers and we are looking for insecure coding patterns and configurations in the microservice architecture repositories. In your repository, we have found instances of usage of excessive privileges. CWE says "An attacker will be able to gain access to any resources that are allowed by the extra privileges. Common results include executing code, disabling services, and reading restricted data."
Hopefully, you agree and will fix it. We suggest you restrict certain privileges for a single user, instead of allocating all privileges.
Source:
GRANT ALL PRIVILEGES ON spanners.* TO "spanners"@"localhost" IDENTIFIED BY "password";
spanners/create database.sql
Line 33 in 0e4332a
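The restriction suggested above, as an added example that is not part of the original report or of the repository. It assumes MySQL 5.7 or later and that the application only reads and writes rows in the `spanners` schema; the privilege list and the password placeholder are assumptions to adjust to what the service actually does.

```sql
-- Flagged statement (for comparison): one account holds every privilege on
-- the schema, including DROP, ALTER, CREATE and INDEX.
--   GRANT ALL PRIVILEGES ON spanners.* TO "spanners"@"localhost" IDENTIFIED BY "password";

-- 1. Create the account separately from the grant.
--    (GRANT ... IDENTIFIED BY was deprecated in MySQL 5.7 and removed in 8.0.)
--    '<set-at-deploy-time>' is a placeholder, not a real credential.
CREATE USER IF NOT EXISTS 'spanners'@'localhost'
    IDENTIFIED BY '<set-at-deploy-time>';

-- 2. On a database that already ran the original script, drop the broad grant
--    first. Skip this step on a fresh install, where there is nothing to revoke.
REVOKE ALL PRIVILEGES ON spanners.* FROM 'spanners'@'localhost';

-- 3. Grant only row-level DML (assumed to be all the application needs).
--    Schema changes stay with a separate administrative account.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON spanners.* TO 'spanners'@'localhost';

-- 4. Verify: the output should list only the four privileges above on
--    `spanners`.*, with no ALL PRIVILEGES and no WITH GRANT OPTION.
SHOW GRANTS FOR 'spanners'@'localhost';
```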