问题描述
我了解大多数mysql都拒绝外部连接.因此,假设我的.env文件已公开,并且黑客设法将其获取.他们如何处理其信息?
I understand most of mysql deny external connections. So, let's say my .env file is exposed and a hacker manages to get it. What can they do with its information?
推荐答案
数据库:黑客可以使用数据库凭据并从数据库中读取/写入/删除数据.
Database: the hacker can use the DB credentials and read/write/remove data from your database.
客户的Credentails :登录数据库后,使用 ENV_KEY 可以提取所有用户的密码.基本上是登录并侵犯了隐私.
Client's Credentails: after the DB login, with the ENV_KEY they can decrpt password of all the users. Basically login in and violate the privacy.
付款网关:如果使用任何付款网关,则这些密钥+机密也会被公开.不知道他们会用它做什么.我的意思是,他们宁愿在其付款帐户中收到付款.
Payment Gateway: If using any payment gateway then those key + secret is also exposed. Not sure what they would use this for. I mean, they would rather receive payments on their payment account.
克隆:所有这些年的辛苦工作将在几秒钟内复制完.(在硅谷上看到)
Clone: All those years of hard work will be copied in seconds. (Saw it on Silicon Valley)
更糟,您的客户信息现在掌握在他们手中.他们可以出售/分享该&因此,您应对该违约行为承担责任.
Even worse, your clients information is in their hands now. They can sell/share that & because of that you are liable for that breach.
无论您对项目有多好或坏,黑客都可能造成更大的损失,因为他/她对自己的行为不承担任何责任.你会的.
Basically whatever good or bad you can do with your project, the hacker can do much more damage because he/she will not be responsible for his/her actions. You will be.
这篇关于黑客可以如何处理您的.ENV文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!