remove password
-
The GitHub search for remove password is still (bafflingly) getting new results every day.
Here's a tweet from two decades ago:
-
Pathetic webshits somehow forget that they also need to change those passwords, don't they?
I also hope that most of those commits are not only about changing password, but about making files like
config.sample
and putting things likeput-your-password-here
where the password should be, and removing, well, the actual config with live data.
-
@wft I wouldn't necessarily count on it. If the commit message was something like "migrate password config to file" it wouldn't be picked up in the search... so the ones in the search are likely to have an over-representation of the cases where they really are just removing the password.
-
Skimmed through actual commits, most are University projects, hackathon-quality shit put together as a demo, most (on the first page) have throwaway passwords (
wang123456
). But maybe once in a lifetime you can get that S3 bucket...
-
-
@zecc said in remove password:
@wft said in remove password:
throwaway passwords (wang123456)
How sure are you it's a throwaway?
That looks like about the right quality for a password made by a user that would publish their password.
-
-
@zecc said in remove password:
@wft said in remove password:
throwaway passwords (wang123456)
How sure are you it's a throwaway?
That's the same password I have on my
luggageWDWTF account. Surely, nobody would gain anything by hacking it.