Wappler 5.5.3
Wappler’s database manager connection to remote Docker deployment is insecure:
- Wappler Docker deployment publishes the DB port to the public:
  ```yaml
  services:
    db:
      ports:
        - '9906:5432'
  ```
- Wappler UI connects to DB through this public port
- The user is left to guess if this connection is actually encrypted or susceptible to MITM attacks
- The user can’t configure Wappler to use SSH tunneling, because it gives this complaint:
Proposal:
- Change docker-compose.yml to only publish DB port on 127.0.0.1:
  ```yaml
  services:
    db:
      ports:
        - '127.0.0.1:9906:5432'
  ```
- Change Wappler UI to use SSH tunneling to connect to the remote server and access DB on server’s 127.0.0.1
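
A static check for the compose change proposed above, as an added example that is not part of the original post or of Wappler: it scans Compose short-syntax `ports:` entries and reports any that are not bound to loopback. The function names, the `db_fixed` service name, the constructed sample file and the two-space indentation are assumptions of this example.

```python
import re

def classify_port(mapping):
    """Classify a short-syntax mapping: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/proto]."""
    spec = mapping.strip().strip("'\"").split("/")[0]
    host_ip = None
    m = re.match(r"^\[([0-9a-fA-F:]+)\]:(.*)$", spec)  # bracketed IPv6 host address
    if m:
        host_ip, spec = m.group(1), m.group(2)
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:
        host_ip = parts[0]
    if host_ip is None or host_ip in ("0.0.0.0", "::"):
        return "all-interfaces"  # no host IP: Docker binds every interface by default
    if host_ip == "::1" or host_ip.startswith("127."):
        return "loopback"
    return "specific-interface"

def exposed_ports(compose_text):
    """Return (service, mapping) pairs published beyond loopback.
    Assumes services are indented two spaces and ports use the short syntax."""
    findings, service, in_ports = [], None, False
    for line in compose_text.splitlines():
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 2 and text.endswith(":"):
            service, in_ports = text[:-1], False
        elif text == "ports:":
            in_ports = True
        elif in_ports and text.startswith("- "):
            if classify_port(text[2:]) != "loopback":
                findings.append((service, text[2:].strip().strip("'\"")))
        else:
            in_ports = False
    return findings

# Constructed sample: the post's current mapping next to the proposed one.
SAMPLE = """\
services:
  db:
    ports:
      - '9906:5432'
  db_fixed:
    ports:
      - '127.0.0.1:9906:5432'
"""

if __name__ == "__main__":
    for svc, mapping in exposed_ports(SAMPLE):
        print(f"{svc}: {mapping} is reachable from outside the host")
```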