Remove hardcoded fallback database password from db_engine.py #20

New Issue

Open

opened 2026-02-20 06:49:38 +00:00 by cal · 1 comment

cal commented 2026-02-20 06:49:38 +00:00

Owner

Copy Link

app/db_engine.py:21 — The PostgreSQL password fallback is sba_dev_password_2024. Hardcoding it as a default makes it easy to accidentally run against a database without realizing the env var is unset. The fallback should be None or raise if missing.

Priority: medium | Labels: security

`app/db_engine.py:21` — The PostgreSQL password fallback is `sba_dev_password_2024`. Hardcoding it as a default makes it easy to accidentally run against a database without realizing the env var is unset. The fallback should be `None` or `raise` if missing. **Priority**: medium | **Labels**: security

cal added the

ai-working

label 2026-03-06 01:31:02 +00:00

cal referenced this issue from a commit 2026-03-06 01:33:34 +00:00

fix: remove hardcoded fallback database password from db_engine.py (#20)

cal referenced a pull request that will close this issue 2026-03-06 01:33:42 +00:00

fix: remove hardcoded fallback database password from db_engine.py (#20) #55

cal removed the

ai-working

label 2026-03-06 01:33:49 +00:00

cal commented 2026-03-06 01:33:52 +00:00

Author

Owner

Copy Link

Fixed in PR #55: #55

Changed os.environ.get('POSTGRES_PASSWORD', 'sba_dev_password_2024') → os.environ.get('POSTGRES_PASSWORD') so the password is None if the env var is unset, causing an immediate connection failure rather than silently using the stale dev credential.

Fixed in PR #55: https://git.manticorum.com/cal/major-domo-database/pulls/55 Changed `os.environ.get('POSTGRES_PASSWORD', 'sba_dev_password_2024')` → `os.environ.get('POSTGRES_PASSWORD')` so the password is `None` if the env var is unset, causing an immediate connection failure rather than silently using the stale dev credential.

cal added the

ai-pr-opened

label 2026-03-06 01:33:55 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

issue/101-fieldingstats-get-totalstats-total-count-overwritt

issue/71-refactor-manual-db-close-calls-to-middleware-based

fix/remove-hardcoded-webhook

issue/81-add-migration-tracking-system

issue/74-add-missing-indexes-on-foreign-key-columns-in-high

issue/69-boolean-fields-compared-as-integers-sqlite-pattern

issue/75-fix-n-1-query-pattern-in-standings-recalculation

issue/77-replace-row-by-row-delete-with-bulk-delete-in-care

issue/82-align-python-version-between-docker-image-3-11-and

issue/76-replace-deprecated-pydantic-dict-with-model-dump

issue/70-remove-sqlite-fallback-code-from-db-engine-py

issue/78-fix-discord-id-type-mismatch-between-model-charfie

issue/80-disable-autoconnect-and-set-pool-timeout-on-pooled

issue/73-add-type-annotations-to-untyped-query-parameters

issue/79-stop-logging-raw-auth-tokens-in-warning-messages

ai/major-domo-database-66

ai/major-domo-database-65

next-release

ai/major-domo-database-38

ai/major-domo-database-27

ai/major-domo-database-19

ai/major-domo-database-20

ai/major-domo-database-22

ai/major-domo-database-26

ai/major-domo-database-31

ai/major-domo-database-35

feat/sbaplayer-id-plays-filter

chore/optimize-claude-md

2026.4.3

2026.4.2

2026.4.1

2026.3.7

2026.3.6

2026.3.5

2026.3.4

2026.3.3

2026.3.2

2026.3.1

2026.2.3

2026.2.2

2026.2.1

Labels

Clear labels   

ai-changes-requested

  

ai-pr-opened

  

ai-reviewed

  

ai-reviewing

  

ai-reviewing

  

ai-working

No Label

ai-changes-requested

ai-pr-opened

ai-reviewed

ai-reviewing

ai-reviewing

ai-working

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cal/major-domo-database#20

No description provided.