https://webdevetc.com/blog/how-to-get-someones-database-credentials-while-they-are-editing-config-files-on-a-live-server
When editing on a web server in production with an editor like Vim, the editor will create a swap file which could mistakenly be served to the public. Therefore:
A) It is important to restrict the file types that are served (you can do this in .htaccess or the PHP config; NodeJS doesn’t have this problem since files are served from the public folder only and HTML is templated first).
B) Do not edit on a production server; instead use a staging tool like Git.
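As an added example (not code from the linked article or from this post), a Python check that walks a web root and reports editor leftovers such as Vim swap files before the server can hand them out. The file-name patterns and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Editor leftovers that can sit beside a config file in the web root.
# These patterns are assumptions chosen for this example (Vim swap/backup,
# Emacs autosave/lock, generic backup extensions); extend them as needed.
LEFTOVER_PATTERNS = [
    ("vim-swap", re.compile(r"^\..*\.sw[a-p]$")),    # .config.php.swp, .swo
    ("backup-tilde", re.compile(r".+~$")),           # config.php~
    ("emacs-autosave", re.compile(r"^#.*#$")),       # #config.php#
    ("emacs-lock", re.compile(r"^\.#.+")),           # .#config.php
    ("backup-ext", re.compile(r".+\.(bak|orig|old|save)$", re.I)),
]

def classify(filename):
    """Return the leftover kind for a file name, or None if it looks normal."""
    for kind, pattern in LEFTOVER_PATTERNS:
        if pattern.match(filename):
            return kind
    return None

def scan_docroot(docroot):
    """Walk docroot and return sorted (relative_path, kind) for each leftover."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            kind = classify(name)
            if kind:
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                findings.append((rel.replace(os.sep, "/"), kind))
    return sorted(findings)

def build_sample_docroot(base):
    """Create a constructed sample tree (hypothetical file names)."""
    for rel in ["index.php", "config.php", ".config.php.swp",
                "inc/db.php~", "inc/settings.php.bak", "css/site.css"]:
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        for rel, kind in scan_docroot(root):
            print(f"{kind:15} {rel}")
```

Run it from a deploy step or cron job against the real document root and fail the deploy when the list is not empty.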
Ruby(Qianru) Yang says
Hi Frederic, thank you for sharing this interesting article about how to get someone’s database credentials while they are editing config files on a live server and how to prevent this attack.
Xinteng Chen says
Thank you for introducing this kind of attack for us. It is dangerous to lose the information from the database while users are editing config files. It is important for users to have some ways to prevent this attack. Sharing the edit files can help hackers attack the servers to obtain the information. This article reminds users to edit the database in a secure environment.