Hello,
My name is Emma, I am conducting an academic study on possible credential exposure in public GitHub repositories.
While analyzing this repository, I found a string that may represent a credential. I'm including the code snippet below containing possible leakage. To avoid exposing sensitive information publicly, I marked the sensitive information.
Could you please help clarify whether the detected string is:
- a real credential, or
- a placeholder / example value?
Thank you for your time.
Code snippet (sensitive values masked):
'@' + coin.settings.mdb.host +
':' + coin.settings.mdb.port +
'/' + coin.settings.mdb.database;
console.log('Database: ' + coin.settings.mdb.host + ':' + coin.settings.mdb.port + '/' + coin.settings.mdb.database);
coin.settings.mdb.password = "XX****XX";
coin.settings.mdb = null; // garbage collection
// Connect to Database
function databaseConnect(){
mdb.connect(dbString, function(err) {
if (err){
Thank you in advance for your time - I really appreciate it!
Sincerely,
Emma
Hello,
My name is Emma, I am conducting an academic study on possible credential exposure in public GitHub repositories.
While analyzing this repository, I found a string that may represent a credential. I'm including the code snippet below containing possible leakage. To avoid exposing sensitive information publicly, I marked the sensitive information.
Could you please help clarify whether the detected string is:
Thank you for your time.
Code snippet (sensitive values masked):
Thank you in advance for your time - I really appreciate it!
Sincerely,
Emma