MossabTN/quarkus-microservices-poc

Default port and HTTP without TLS should be avoided

akondasif opened this issue · 0 comments

Greetings,

We are researchers and we are looking for insecure coding patterns and configurations in the microservice architecture repositories. In your repository, we have found instances of default port and HTTP without TLS usage.

According to a recent report, default port usages must be avoided: https://www.bleepingcomputer.com/news/security/most-cyber-attacks-focus-on-just-three-tcp-ports/#:~:text=According%20to%20the%20report%2C%20the,(Hypertext%20Transfer%20Protocol%20Secure). Use of HTTP without TLS/SSL should be avoided according to CWE-319: Cleartext Transmission of Sensitive Information. We also found hard-coded passwords.

Source: https://github.com/MossabTN/quarkus-microservices-poc/blob/master/auth-service/realm/realm.json

Fix: #1

I am interested to know if you agree with the findings. Any feedback is appreciated.

Further details on default ports:

Data storage:  MySQL 3306, ref: https://dev.mysql.com/doc/mysql-port-reference/en/mysql-ports-reference-tables.html
Data storage:  Postgres 5432, ref: https://www.postgresql.org/docs/8.3/app-postgres.html
Data storage:  MongoDB 27017, ref: https://docs.mongodb.com/manual/reference/default-mongodb-port/
Data transfer: RabbitMQ 5672, ref: https://www.rabbitmq.com/networking.html
Data transfer: Kafka 9092, ref: https://kafka.apache.org/07/documentation.html
Data transfer: HTTP 80, 443, ref: https://geekflare.com/default-port-numbers/
Data storage:  Zookeeper 2181, ref: https://zookeeper.apache.org/doc/r3.1.2/zookeeperStarted.html
Monitoring:    Zipkin 9411, ref: https://zipkin.io/pages/extensions_choices
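The following is an added example, not code from the repository or from the issue's author: a small config linter that checks a Quarkus-style configuration for the three classes of finding raised above (the default ports from the table, cleartext http:// URLs, and hard-coded password/secret literals). It assumes the real Quarkus properties quarkus.http.port, quarkus.http.ssl-port and quarkus.http.insecure-requests, and works on constructed sample configs, since the repository's actual application.properties and realm.json are not reproduced on this page.

```python
"""Config linter for the issue's three findings: default ports, cleartext
HTTP and hard-coded secrets. Added example, not code from the repository."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Default ports exactly as the issue's table lists them (port -> service).
DEFAULT_PORTS = {
    3306: "MySQL", 5432: "Postgres", 27017: "MongoDB", 5672: "RabbitMQ",
    9092: "Kafka", 80: "HTTP", 443: "HTTPS", 2181: "Zookeeper", 9411: "Zipkin",
}


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str    # "default-port", "cleartext-http" or "hardcoded-secret"
    detail: str


# A port number either right after ':' (host:PORT, "HOST:CONTAINER" mappings)
# or after a 'port =' / 'port:' key. (?!\d) stops partial matches like 54321.
PORT_RE = re.compile(r"(?:(?<=:)|\bport\s*[=:]\s*)(\d{1,5})(?!\d)", re.IGNORECASE)
# Plain http:// URLs; 'https://' never matches because of the literal '://'.
HTTP_RE = re.compile(r"\bhttp://[^\s\"']+")
# password=literal or "secret": "literal" (properties, YAML or realm.json style).
SECRET_RE = re.compile(r"[\"']?(password|secret)[\"']?\s*[=:]\s*[\"']?([^\"'\s,]+)", re.IGNORECASE)


def scan_config(text: str) -> list[Finding]:
    """Return findings for one config file (application.properties, YAML, JSON)."""
    findings: list[Finding] = []
    http_port_line: int | None = None
    insecure_requests_handled = False
    for n, line in enumerate(text.splitlines(), start=1):
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        for port in {int(m.group(1)) for m in PORT_RE.finditer(s)}:
            if port in DEFAULT_PORTS:
                findings.append(Finding(n, "default-port", f"{DEFAULT_PORTS[port]} default port {port}"))
        for m in HTTP_RE.finditer(s):
            findings.append(Finding(n, "cleartext-http", m.group(0)))
        for m in SECRET_RE.finditer(s):
            if not m.group(2).startswith("${"):   # ${ENV_VAR} placeholders are fine
                findings.append(Finding(n, "hardcoded-secret", f"{m.group(1).lower()} literal"))
        # Quarkus-specific: a plain HTTP listener is only acceptable when
        # quarkus.http.insecure-requests is 'disabled' or 'redirect'.
        if re.match(r"quarkus\.http\.port\s*=", s):
            http_port_line = n
        if re.match(r"quarkus\.http\.insecure-requests\s*=\s*(disabled|redirect)\b", s):
            insecure_requests_handled = True
    if http_port_line is not None and not insecure_requests_handled:
        findings.append(Finding(http_port_line, "cleartext-http",
                                "quarkus.http.insecure-requests is not 'disabled' or 'redirect'"))
    findings.sort(key=lambda f: (f.line_no, f.kind))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, e.g. to fail a CI job when any count is non-zero."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample, NOT the repository's real application.properties.
SAMPLE_CONFIG = """\
quarkus.http.port=8080
quarkus.datasource.jdbc.url=jdbc:postgresql://db:5432/orders
quarkus.datasource.password=changeit
kafka.bootstrap.servers=kafka:9092
quarkus.oidc.auth-server-url=http://keycloak:8080/realms/poc
quarkus.oidc.credentials.secret=${OIDC_CLIENT_SECRET}
"""

# Same services with the findings addressed (constructed as well).
HARDENED_CONFIG = """\
quarkus.http.port=8080
quarkus.http.insecure-requests=redirect
quarkus.http.ssl-port=8443
quarkus.datasource.jdbc.url=jdbc:postgresql://db:15432/orders
quarkus.datasource.password=${DB_PASSWORD}
kafka.bootstrap.servers=kafka:19092
quarkus.oidc.auth-server-url=https://keycloak:8443/realms/poc
quarkus.oidc.credentials.secret=${OIDC_CLIENT_SECRET}
"""

if __name__ == "__main__":
    for f in scan_config(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.kind}: {f.detail}")
    print("hardened:", summarize(scan_config(HARDENED_CONFIG)))
```

Running the file lists five findings for the sample config and none for the hardened one. The hardened variant shows the mitigations the issue asks for: non-default host ports, secrets injected through environment placeholders instead of literals, https:// for the OIDC server, and quarkus.http.insecure-requests set to redirect (or disabled) so the plain listener on quarkus.http.port does not serve cleartext traffic. The same scan_config call works on a docker-compose.yml or a Keycloak realm export, since the patterns do not depend on the file format.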