We are security researchers and we are looking for insecure coding patterns and configurations in the microservice architecture repositories. In your repository, we have found instances of default port and HTTP without TLS usage.
I am interested to know if you agree with the findings. Any feedback is appreciated.
Data storage, MySQL 3306, reff: https://dev.mysql.com/doc/mysql-port-reference/en/mysql-ports-reference-tables.html
Data storage, Postgres 5432, reff: https://www.postgresql.org/docs/8.3/app-postgres.html
Data storage, MongoDB 27017, reff: https://docs.mongodb.com/manual/reference/default-mongodb-port/
Data transfer, rabbitMQ 5672, reff: https://www.rabbitmq.com/networking.html
Data transfer, Kafka 9092, reff: https://kafka.apache.org/07/documentation.html
Data transfer, HTTP, http 80 , 443 , reff: https://geekflare.com/default-port-numbers/
Data storage, Zookeeper 2181, reff: https://zookeeper.apache.org/doc/r3.1.2/zookeeperStarted.html
Monitoring, zipkin 9411 , reff: https://zipkin.io/pages/extensions_choices