thingoftheday
thingoftheday copied to clipboard
whitep4nth3r
Tutorial Exposes API Keys
Tried to find a better way to notify you but couldn't. Your tutorial exposes people's API keys. I took a look through the forked repos and could find a few the credentials file.
Hello! Thanks for your message. These API keys are OK to be exposed as they are read only – and I wanted to make it clear how to use the keys. They are my keys and I'm fine with them being exposed in this instance 🙂
Other people will need to take the necessary precautions if they wish to obfuscate their read only keys, but that wasn't the point of the tutorial – and I mention the keys are read only in the accompanying blog post.
Gotcha. The tutorial tells users to save their own keys to their repos and since I can see their forked repos then I can see theirs. If you're happy I'm happy though :).
On Fri, Nov 12, 2021, 12:18 PM @whitep4nth3r @.***> wrote:
Hello! Thanks for your message. These API keys are OK to be exposed as they are read only – and I wanted to make it clear how to use the keys. They are my keys and I'm fine with them being exposed in this instance 🙂
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/whitep4nth3r/thingoftheday/issues/5#issuecomment-967321066, or unsubscribe https://github.com/notifications/unsubscribe-auth/AARTS7GKHDAHLO6GGD4C2D3ULVLA3ANCNFSM5H5ND6LA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.