How are they getting access to the PostgreSQL database, unless this running code can communicate with it? That’s a big red flag, user provided code should always be sandboxed and isolated right?

▲

megamorf 5 days ago | parent [-]

The exfiltrated environment variables contained these entries:

``` "POSTGRESQL_DATABASE": "(CENSORED)", "POSTGRESQL_HOST": "(CENSORED)", "POSTGRESQL_PASSWORD": "(CENSORED)", "POSTGRESQL_USER": "(CENSORED)", ```

	▲	nodesocket 5 days ago \| parent [-]
		Sure, but connections from these worker machines shouldn’t be allowed directly to the database.