Reply to post: Where does the fault lie?

GitHub ordered to hand over access logs to Uber


Where does the fault lie?

"secret access key" to the database... You mean password.

Posted to a gist, which was probably a secret gist, but it's still accessible by anyone who knows the url... I'm assuming they are trying to find the engineer who probably accidentally posted it with a paste of some code.

Is it their fault alone? Probably not.. Keys should be stored in configuration files or ENV, not code. If that was the case the whole team is responsible for never fixing that massively bad practice

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022