uptime-dash
Security Risk - Public access to your API Keys
This is a nice system but storing the API keys in a public place isn't such a good idea. It doesn't take long for someone to find the config.js file and then they have a copy of your API key which can be used to change most things to do with Monitors on your account, add contacts or even remove everything.
I think it would be wise to either change this or let people know that this is not secure in a public setup.
Obviously a person should only be using read-only API keys. So not a security risk. For a JavaScript-only project, there really isn't any other option.
This issue is over 4 years old. I don't recall there being separate read-only API keys back then either.