pipelines-as-code icon indicating copy to clipboard operation
pipelines-as-code copied to clipboard

Published 20 hours ago verified publisher icon openshift-pipelines

Switch incoming webhook shared secret to use Post data instad of query parameters

Open chmouel opened this issue 2 years ago • 1 comments

it's probably not super secure, cf:

  • https://www.fullcontact.com/blog/2016/04/29/never-put-secrets-urls-query-parameters/
  • https://security.stackexchange.com/a/181555

chmouel avatar Dec 22 '22 12:12 chmouel

we pass secret name right? and not the actual secret but yeah not secure anyway .

sm43 avatar May 30 '23 07:05 sm43