by b123400 2147 days ago
If this turns out to be an effective lesson on security, systems should implement their own meow to protect their users.

E.g. a database that intentionally removes itself if the default password or an insecure password is used, with an easy-to-follow guide in the error log on how to properly configure it.

1 comments

If memory serves, Postgres will only listen on 127.0.0.1 unless the admin password has been set.

All software should work like that.

MongoDB listens only on localhost by default since 3.6 (2017).

You are allowed to judge people for taking far, far too long to do the right thing.

It indicates a pattern of poor judgement, which speaks to trust. You know they are going to let you down each time a new issue comes up.

Faulting people for being cautious around such bad actors (which I'm not saying you're doing, but the response will) speaks to your judgement, not the vendor's.