Seriously how many times does this have to happen

https://lemmy.world/post/17495476

> One does not
> commit or compile credentials

Template: https://i.kym-cdn.com/photos/images/original/000/297/820/3c5.jpg

Context: This meme was brought to you by the PyPI Director of Infrastructure who accidentally hardcoded credentials (https://blog.pypi.org/posts/2024-07-08-incident-report-leaked-admin-personal-access-token/), which could have resulted in compromising the entire core Python ecosystem.

@carrylex git should be password-manager-aware and refuse to commit if the changes include a password.

Well, from my personal PoV there are a few problems with that:

  • You can’t detect all credentials reliably, they could be encoded in base64 for example
  • I think it’s kind of okay to commit credentials and configuration used for the local dev environment (and ONLY the local one). E.g. when you require some infrastructure like a database for your app, and not every dev wants to manually set a few dozen configuration entries when they quickly want to check out and run the app
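What a "refuse to commit if the change contains a password" check actually looks like, and where the two caveats above bite, as an added example that is not code from this thread, from git or from PyPI: it scans the added lines of the staged diff with a few known provider prefixes (the AWS `AKIA` and GitHub `ghp_` formats are real), a generic keyword-assignment pattern, a Shannon-entropy check on long blobs, and one round of base64 decode-and-rescan for the encoding trick the commenter mentions. The `# dev-only-credential` marker, the entropy threshold and every sample line are constructed for illustration.

```python
"""Staged-change secret scan (added example; not from the thread, git or PyPI).
The AWS "AKIA" and GitHub "ghp_" prefixes are real well-known formats; the
allow marker, the entropy threshold and all sample lines are constructed."""
import base64
import binascii
import math
import re
import subprocess
import sys
from collections import Counter

# High-confidence patterns: known provider prefixes plus a generic
# "secret-looking assignment" such as password = "..." or api_key: ...
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "secret_assignment": re.compile(
        r"(?i)\b(password|passwd|pwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]?[^\s'\"]{6,}"
    ),
}
# Any long base64/urlsafe-looking run is a candidate for the entropy and decode checks.
BLOB = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; repo-specific tuning, false positives expected
# Constructed opt-out marker for the "local-dev-only credentials" case (assumption, not a git feature).
ALLOW_MARKER = "# dev-only-credential"


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def try_base64(token: str):
    """Strictly decode token as base64 and then as UTF-8 text; None if either fails."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def scan_line(line: str, depth: int = 0) -> list:
    """Names of every check the line trips. Base64 blobs are decoded once and
    rescanned, which is what catches a keyword hidden behind encoding."""
    if ALLOW_MARKER in line:  # reviewer has explicitly accepted this local-dev value
        return []
    findings = [name for name, rx in PATTERNS.items() if rx.search(line)]
    for m in BLOB.finditer(line):
        tok = m.group(0)
        if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
            findings.append("high_entropy_blob")
        decoded = try_base64(tok) if depth == 0 else None  # one level only, no recursion bombs
        if decoded:
            findings += ["base64:" + f for f in scan_line(decoded, depth + 1)]
    return findings


def scan_lines(lines) -> list:
    """Scan an iterable of added lines; returns (1-based line index, finding) pairs."""
    return [(i, f) for i, line in enumerate(lines, 1) for f in scan_line(line)]


def staged_added_lines() -> list:
    """The '+' lines of the staged diff, i.e. what a pre-commit hook inspects."""
    out = subprocess.run(
        ["git", "diff", "--cached", "-U0", "--no-color"],
        check=True, capture_output=True, text=True,
    ).stdout
    return [l[1:] for l in out.splitlines() if l.startswith("+") and not l.startswith("+++")]


def constructed_sample() -> list:
    """Constructed staged lines for the demo; none come from a real repository."""
    wrapped = base64.b64encode(b"password=hunter2hunter2").decode()
    return [
        'db_host = "localhost"',                         # clean
        'aws_key = "AKIAIOSFODNN7EXAMPLE"',             # AWS documentation's example key id
        'password = "correct-horse-battery"',           # keyword assignment
        'blob = "abcdefghijklmnopqrstuvwxyz012345"',    # 32 distinct chars: 5.0 bits/char
        'cfg = "' + wrapped + '"',                       # keyword hidden behind base64
        'password = "devpass123"  ' + ALLOW_MARKER,     # accepted local-dev value
    ]


if __name__ == "__main__":
    lines = constructed_sample() if "--demo" in sys.argv else staged_added_lines()
    hits = scan_lines(lines)
    for lineno, what in hits:
        print(f"added line {lineno}: {what}", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

Wired in as `.git/hooks/pre-commit` the script blocks the commit on any hit; `--demo` runs it over the constructed lines instead of the staged diff. Note which findings each line produces: the base64-wrapped line is only caught because of the decode step, and it would still slip through if the value were encrypted or split across lines, which is exactly the commenter's point that detection is a heuristic, not a guarantee.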
> You can’t detect all credentials reliably,

Easy. You check in the password file first. Then you can check if the codebase contains any entry on the blacklist.

Wait…