Hacker News new | past | comments | ask | show | jobs | submit login

> Zero reads credentials from environment variables. Zero also loads variables from .env file in your project root, if it's present.

Security nightmare? Can I do myapp.com/.env and read the credentials from the wider internet?

Why would you assume that they have this bug? If you’re actually curious if the bug exists go read the code or try it yourself.

Another common on this page documents this bug on their production website.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact