Skip to content

Security: Insecure SSL Configuration in Database Connection#883

Closed
tuanaiseo wants to merge 11 commits into
XiaomiMiMo:mainfrom
tuanaiseo:contribai/fix/security/insecure-ssl-configuration-in-database-c
Closed

Security: Insecure SSL Configuration in Database Connection#883
tuanaiseo wants to merge 11 commits into
XiaomiMiMo:mainfrom
tuanaiseo:contribai/fix/security/insecure-ssl-configuration-in-database-c

Conversation

@tuanaiseo

@tuanaiseo tuanaiseo commented Jun 16, 2026

Copy link
Copy Markdown

Problem

The drizzle.config.ts in console/core sets rejectUnauthorized: false in the SSL configuration. This disables SSL certificate validation, making the application vulnerable to man-in-the-middle attacks when connecting to the MySQL database.

Severity: high
File: packages/console/core/drizzle.config.ts

Solution

Remove rejectUnauthorized: false or make it conditional for development only. Use proper CA certificates for production environments.

Changes

  • packages/console/core/drizzle.config.ts (modified)

Testing

  • Existing tests pass
  • Manual review completed
  • No new warnings/errors introduced

qiaozongming and others added 11 commits June 11, 2026 01:23
@qiaozongming
Initial open-source release of MiMo Code
7233b71
@qiaozongming
readme
4ef01a4
@ChuanfengZhang
docs: correct OpenCode repository URL in README files
251e207
@bwshen-mi
Update README
6ce77f0
@bwshen-mi
Merge pull request XiaomiMiMo#20 from ChuanfengZhang/main
9753077 
docs: correct OpenCode repository URL in README files
@qiaozongming
docs: update community group chat QR code
bc9546e
@qiaozongming
Merge pull request XiaomiMiMo#149 from XiaomiMiMo/chore/update-wechat…
e96727a 
…-qrcode

docs: update community group chat QR code
@qiaozongming
docs: update community WeChat QR codes
564b40c
@qiaozongming
Merge pull request XiaomiMiMo#252 from XiaomiMiMo/chore/update-wechat…
42e7da3 
…-qrcode

docs: update community WeChat QR codes
@qiaozongming
Update to latest release
ab53d06
@tuanaiseo
fix(security)(console): insecure ssl configuration in database connec…
4481c2a 
…tion

The drizzle.config.ts in console/core sets `rejectUnauthorized: false` in the SSL configuration. This disables SSL certificate validation, making the application vulnerable to man-in-the-middle attacks when connecting to the MySQL database.

Affected files: drizzle.config.ts

Signed-off-by: tuanaiseo <221258316+tuanaiseo@users.noreply.github.com>
@qiaozongming

qiaozongming commented Jun 18, 2026

Copy link
Copy Markdown
Collaborator

#943

@qiaozongming qiaozongming mentioned this pull request Jun 18, 2026
Open
@qiaozongming

qiaozongming commented Jun 18, 2026

Copy link
Copy Markdown
Collaborator

#1116

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@tuanaiseo @qiaozongming @Stole214 @titiwatpure @ChuanfengZhang @bwshen-mi