Contributor

@gradinarufelix gradinarufelix commented Jun 21, 2025

Upgrade instructions

Review instructions

Checklist

  • Code follows the PSR-2 coding style
  • Tests have been created, run and adjusted as needed
  • The PR is created against the lowest maintained branch
  • Reviewer - PR Title is brief but complete and starts with FEATURE|TASK|BUGFIX
  • Reviewer - The first section explains the change briefly for change-logs
  • Reviewer - Breaking Changes are marked with !!! and have upgrade-instructions

@dlubitz dlubitz self-requested a review June 21, 2025 11:28
@Sebobo Sebobo moved this to Reviews in PostCon Sprint 2025 Jun 24, 2025
Member

@mhsdesign mhsdesign left a comment

Isn't the configuration module only available to administrators and thus negligible that the database connection is visible (it actually helps when debugging a Neos in a cluster)?

@gradinarufelix
Contributor Author

@mhsdesign The idea was that it should still not be visible, because the entry point is quite weak. A hijacked admin login exposes all your credentials for not only the database, but also external APIs.

@Sebobo Sebobo force-pushed the feature/configuration-ui branch 2 times, most recently from 8664a10 to 8c1e55c Compare October 21, 2025 13:49
Status: Reviews


4 participants