Comment by envsubst
2 years ago
Non security expert here. Walk me through the attack scenario here.
The database has access control right? So only a few people in the org can read the data. And you are imagining a case where they:
(a) find an inverse image of a password hash and use that login as another person to do something bad.
(b) reverse the password from the hash to use in another context.
If (a) is an issue, why does this individual have sensitive data access in the first place? (b) is still unlikely. Any inverse image is unlikely to be the password if there is salting.
It sounds like an improvement could be made, but maybe not the highest priority. Can you inform me?
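An added example, not part of envsubst's comment or the thread, showing what the salting mentioned above looks like in code: each stored record carries its own random salt, verification recomputes the slow hash with that stored salt, and a table precomputed from unsalted digests of common passwords does not match a salted digest. PBKDF2-HMAC-SHA256 and the iteration count are the assumptions here; the password list is constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Assumed parameters for this example: PBKDF2-HMAC-SHA256 with a 16-byte random salt.
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted, slow hash. A fresh random salt is drawn unless one is supplied
    (a fixed salt is only passed in for verification or reproducible tests)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the salt stored beside the digest and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def same_password_distinct_hashes(password: str) -> bool:
    """Two accounts sharing a password get unrelated stored digests because their salts differ,
    so a leaked table does not reveal which users chose the same password."""
    salt_a, digest_a = hash_password(password)
    salt_b, digest_b = hash_password(password)
    return salt_a != salt_b and digest_a != digest_b


def build_unsalted_table(candidates) -> Dict[bytes, str]:
    """Model of a precomputed lookup table: plain SHA-256 of each candidate, as would work
    against an unsalted, single-round store."""
    return {hashlib.sha256(c.encode("utf-8")).digest(): c for c in candidates}


def table_recovers(digest: bytes, table: Dict[bytes, str]) -> Optional[str]:
    """Return the password if the digest is in the precomputed table, else None."""
    return table.get(digest)


if __name__ == "__main__":
    # Constructed sample data, not from the thread.
    common = ["password", "123456", "qwerty", "letmein"]
    table = build_unsalted_table(common)

    # Unsalted storage: a single lookup recovers the password.
    print(table_recovers(hashlib.sha256(b"password").digest(), table))

    # Salted storage: the same weak password is not found in the table,
    # and a correct login still verifies against the stored (salt, digest) pair.
    salt, digest = hash_password("password")
    print(table_recovers(digest, table))
    print(verify_password("password", salt, digest), verify_password("Password", salt, digest))
```

Storing the salt next to the digest is normal and expected; the salt is not a secret, it only forces any guessing to be done per record rather than once for the whole table.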