git-at-me icon indicating copy to clipboard operation
git-at-me copied to clipboard
verified publisher icon jgable

Generate secret for webhook from personal token

Open jgable opened this issue 12 years ago • 3 comments

We should hash the token using SHA256 and pass it as a secret to be posted with GitHub Events to protect against random people POSTing data to the server.

If necessary, we should also verify the secret in the handleEventPost method.

jgable avatar Dec 15 '13 17:12 jgable

:+1:

parkr avatar Feb 17 '14 05:02 parkr

I'll try to take a look at this this week if I can find time. Let me know if you'd like to take a shot at it yourself so we don't overlap.

jgable avatar Feb 17 '14 15:02 jgable

I can probably look at this tonight!

parkr avatar Feb 17 '14 15:02 parkr