Do not send envVars in ServerInfo() (#4422)

Sending envVars along with access and secret exposes the entire minio server's sensitive information. This will be an unexpected situation for all users. If at all we need to look for things like if credentials are set through env, we should only have access to only this information not the entire set of system envs.
2025-11-10 22:10:12 -05:00 · 2017-05-24 21:09:23 -07:00
parent 99ca8a2928
commit b78f6fbcc5
6 changed files with 40 additions and 25 deletions
--- a/browser/app/js/components/Browse.js
+++ b/browser/app/js/components/Browse.js
@@ -68,7 +68,7 @@ export default class Browse extends React.Component {
          memory: res.MinioMemory,
          platform: res.MinioPlatform,
          runtime: res.MinioRuntime,
-          envVars: res.MinioEnvVars
+          info: res.MinioGlobalInfo
        })
        dispatch(actions.setServerInfo(serverInfo))
      })
--- a/browser/app/js/components/SettingsModal.js
+++ b/browser/app/js/components/SettingsModal.js
@@ -34,23 +34,12 @@ class SettingsModal extends React.Component {

    let accessKeyEnv = ''
    let secretKeyEnv = ''
-    // Check environment variables first. They may or may not have been
-    // loaded already; they load in Browse#componentDidMount.
-    if (serverInfo.envVars) {
-      serverInfo.envVars.forEach(envVar => {
-        let keyVal = envVar.split('=')
-        if (keyVal[0] == 'MINIO_ACCESS_KEY') {
-          accessKeyEnv = keyVal[1]
-        } else if (keyVal[0] == 'MINIO_SECRET_KEY') {
-          secretKeyEnv = keyVal[1]
-        }
-      })
-    }
-    if (accessKeyEnv != '' || secretKeyEnv != '') {
+    // Check environment variables first.
+    if (serverInfo.info.isEnvCreds) {
      dispatch(actions.setSettings({
-        accessKey: accessKeyEnv,
-        secretKey: secretKeyEnv,
-        keysReadOnly: true
+          accessKey: 'xxxxxxxxx',
+          secretKey: 'xxxxxxxxx',
+          keysReadOnly: true
      }))
    } else {
      web.GetAuth()