Skip to content

security(pg0): add HINDSIGHT_API_PG0_PASSWORD env var and log warning on default#2799

Open
handnewb wants to merge 1 commit into
vectorize-io:mainfrom
handnewb:fix/pg0-randomize-default-password
Open

security(pg0): add HINDSIGHT_API_PG0_PASSWORD env var and log warning on default#2799
handnewb wants to merge 1 commit into
vectorize-io:mainfrom
handnewb:fix/pg0-randomize-default-password

Conversation

@handnewb

Copy link
Copy Markdown
Contributor

Summary

The pg0 embedded PostgreSQL database used hardcoded credentials (user='hindsight', password='hindsight') with no way to override except by passing explicit kwargs to EmbeddedPostgres().

While pg0 only listens on localhost by default, containerized deployments where the pg0 port is accidentally mapped to the host create a risk — an attacker on the same network could connect with known credentials.

Changes

  • Added HINDSIGHT_API_PG0_PASSWORD env var to override the default password
  • Added _resolve_default_password() function that checks the env var first
  • EmbeddedPostgres.__init__() now uses None as default for password, resolving via _resolve_default_password()
  • Log WARNING when the hardcoded default is active
  • Backward compatible: all existing callers continue to work unchanged

Verification

  • Explicit password kwarg still takes precedence (e.g., tests)
  • Env var HINDSIGHT_API_PG0_PASSWORD overrides the hardcoded default
  • Default behavior unchanged (same password, just with a warning log)

Found during cybersecurity audit.

… on default

The pg0 embedded PostgreSQL database used hardcoded credentials
(user='hindsight', password='hindsight') with no way to override
except by passing explicit kwargs. This adds:

- HINDSIGHT_API_PG0_PASSWORD env var to override the password
- WARNING log when the hardcoded default is active
- Backward compatible: existing callers continue to work unchanged

Found during cybersecurity audit.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant