You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sensitive information such as database username and password should not be
visible in public repositories. These information should be stored in a
configuration file and this file should be excluded from commit.
What steps will reproduce the problem?
1. Checkout the repository with this command:
hg clone https://code.google.com/p/mass-observation/
2. Almost evey java file in the directory
mass-observation/mob-web/src/java/newpackage contains the database username and
password. Open Login.java as an example. You see the following lines:
String dbUrl = "jdbc:mysql://titan.cmpe.boun.edu.tr:3306/database3";
String username = "project3";
String password = "i52jm";
3. Learn IP address of the server with this command:
host titan.cmpe.boun.edu.tr
4. Connect to the database remotely using the following command and entering
the password above:
mysql -u project3 -h 79.123.177.214 -p
5. Now you have full control over the database. For example; you can see all
registered users using the following commands:
USE database3;
SELECT * FROM users;
What is the expected output? What do you see instead?
Database username and password should not be in the public source code.
What version of the product are you using? On what operating system?
Ubuntu 12.04 LTS
Please provide any additional information below.
To use hg command, you should first install it using the following command:
sudo apt-get install mercurial
Original issue reported on code.google.com by erdemorm...@gmail.com on 17 May 2012 at 2:01
The text was updated successfully, but these errors were encountered:
Original issue reported on code.google.com by
erdemorm...@gmail.com
on 17 May 2012 at 2:01The text was updated successfully, but these errors were encountered: