-
Notifications
You must be signed in to change notification settings - Fork 153
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create reset password doc #271
Conversation
✅ Deploy Preview for actualbudget-website ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
This comment has been minimized.
This comment has been minimized.
Hey, I am not sure this was ever supposed to be documented, if an attacker has access to run the commands you more than likely have more problems than resetting the password however it gives everyone (not just the budget owner) access to information on how to reset the budget password. |
OK no worries if not - I figured if you had this message in the UI it might make sense to document the process - as it implies there is a process, and won't take long for a nefarious user to uncover that. |
👋 This is great! I would be happy to merge it if you could solve the CI failures. If an attacker has gained access to the server - he has access to the data file too. So the attacker can just read it without a password (as long as it's not e2e encrypted). So from that perspective: this is not introducing a new attack vector. |
No description provided.