I'll just leave this here
-
There are no words ... [sigh]
-
I have a word! The word is: "WAT"
-
-
@Vaire Listen, security is HARD, okay? And posting stuff to github is SO IN right now, you guys. I mean, come'on, jeez, it's just our Slack credentials that we use at our Fortune 500 companies for actual production work. What's the big deal?
Filed Under: It's not paranoia if they ARE out to get you ^_-
-
@Vaire And Slack still does not offer an on-premises solution...
-
@blakeyrat said in I'll just leave this here:
@Vaire And Slack still does not offer an on-premises solution...
Correct. Which means, any responsible company that ACTUALLY cares about security, wouldn't be using it, for anything.
-
@Vaire Which is a pain because it means they have to use shitty, broken HipChat instead. Ugh.
-
@blakeyrat
Life is pain ... anyone who says differently is selling something. ;)
-
@Vaire Oh my god even I know well enough not to put credentials in github. And I'm dumb! So dumb I did it by accident earlier!
-
@AyGeePlus said in I'll just leave this here:
@Vaire Oh my god even I know well enough not to put credentials in github. And I'm dumb! So dumb I did it by accident earlier!
Hipsters care not for your "rules" or "logic" they must be different and beautiful and special, by doing the same thing all of the other hipsters are doing.
-
I've accidentally committed passwords to repos before, never for anything important though, so I understand how easy it is. That said, there's really no reason to put important shit like that in the repo at all. Environmental variables exist for a reason! Failing that, at least put it in a non-versioned config file. Sigh.
-
Also, fuck Slack. It's not at fault here, I just hate its copy-catting hipster nonsense.
-
@aapis Ditto on that...jesus, such a face palm moment.
-
The moment you hard-coded credentials in the source, you done goofed. Making it available on github is just the cherry on top.
-
@Kian said in I'll just leave this here:
hard-coded credentials in the source
Eh, it looks like often it's a matter of committing the configuration file.
-
@aapis said in I'll just leave this here:
Also, fuck Slack. It's not at fault here, I just hate its copy-catting hipster nonsense.
-
@Yamikuronue said in I'll just leave this here:
Eh, it looks like often it's a matter of committing the configuration file.
That's what I did. I eventually switched to a <project>.cfg.example with no passwords but the right structure.
-
@Yamikuronue In my case...That is what happened.
-
@Vaire Smooches!
-
@aapis said in I'll just leave this here:
Environmental variables exist for a reason!
I don't think that's a good idea. There's a lot of software that dumps environment variables to crash reports and all it takes is one forgetful finger to send it away to some random internet person.
-
@Vaire said in I'll just leave this here:
@blakeyrat
Life is pain ... anyone who says differently is selling something. ;)First noble truth.
-
-
@dkf said in I'll just leave this here:
hard, but unfair.