by trueleo 1376 days ago
> Please do not store any sensitive data on this server as the data is openly accessible. We'll delete the data on this server periodically.

It is there for demo purpose ig

It also gives you this warning when you run the build

Warning: Parseable server is using default credentials. Setup your credentials with P_USERNAME and P_PASSWORD before storing production logs.

Parseable server is using default object storage backend with public access. Setup your object storage backend with P_S3_URL before storing production logs.

2 comments

The problem is this means I'm one misconfiguration away from sending all my data to a stranger's server on the internet. If I misconfigure an Ansible playbook or Kubernetes deploy I'm not going to see that warning. Frankly even if a sysadmin is configuring it by hand we shouldn't be counting on them noticing the warning for our security.

I believe they have good intentions and are just trying to make it easy to try out, but this is just too big a footgun hanging out. Makes it untouchable for me.

Having a public place to send demo logs is fine. Sending logs there by default, rather than having to opt in to demo mode, is bad. The default should be to fail to start unless credentials for the data store are provided. Or alternatively store to the local filesystem by default.
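
The fail-closed startup suggested in the comment above, sketched in Rust as an added example that is not part of the thread and not Parseable's own code. `P_USERNAME`, `P_PASSWORD` and `P_S3_URL` are the variables named in the warning; the `P_DEMO_MODE` opt-in switch and the `./data` path are hypothetical.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
enum Storage {
    S3(String),      // URL taken from P_S3_URL
    LocalFs(String), // private default, never a shared public backend
}

#[derive(Debug, PartialEq)]
enum Mode {
    Demo, // reachable only through an explicit opt-in
    Production { username: String, password: String, storage: Storage },
}

// Treat unset and blank the same: a broken template often renders "".
fn var(env: &HashMap<String, String>, key: &str) -> Option<String> {
    env.get(key).map(|v| v.trim().to_string()).filter(|v| !v.is_empty())
}

fn load_mode(env: &HashMap<String, String>) -> Result<Mode, String> {
    // P_DEMO_MODE is a hypothetical switch, not a real Parseable option.
    if var(env, "P_DEMO_MODE").as_deref() == Some("1") {
        // Demo mode mixed with production settings is ambiguous: refuse.
        let prod = ["P_USERNAME", "P_PASSWORD", "P_S3_URL"];
        if let Some(k) = prod.iter().find(|k| var(env, k).is_some()) {
            return Err(format!("P_DEMO_MODE=1 conflicts with {}", k));
        }
        return Ok(Mode::Demo);
    }
    let missing: Vec<&str> = ["P_USERNAME", "P_PASSWORD"].iter().copied()
        .filter(|k| var(env, k).is_none()).collect();
    if !missing.is_empty() {
        return Err(format!("refusing to start, missing: {}", missing.join(", ")));
    }
    let storage = match var(env, "P_S3_URL") {
        Some(url) => Storage::S3(url),
        None => Storage::LocalFs("./data".to_string()), // constructed path
    };
    Ok(Mode::Production {
        username: var(env, "P_USERNAME").unwrap(), // presence checked above
        password: var(env, "P_PASSWORD").unwrap(),
        storage,
    })
}

fn main() {
    let env: HashMap<String, String> = std::env::vars().collect();
    if let Err(e) = load_mode(&env) { eprintln!("{}", e); std::process::exit(1); }
}
```

With this shape a deploy that forgets its credentials exits non-zero, so the orchestrator surfaces the failure instead of relying on someone reading a warning.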