Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Ideally they'd report it so that password managers could warn everyone, but with just the database URI there isn't necessarily any obvious way to know what domain or business its associated with.


Doesn't really matter, as long as the credential is exposed, users can be warned. No matter where it came from.


If the attacker can write to the DB, then they can add entries to every table with the string "Hey your database is unsecured!"




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: