Reply to post:

No big deal, Rogers, your internal source code and keys are only on the open web. Don't hurry to take it down

Anonymous Coward
"Having now seen Rogers’ standard of code, I have to point out that they should have set up server environment variables on the host machines, and then pulled any credentials and keys at run time," said Coulls.

No they shouldn't, they should store / generate passwords in a password vault, keeping them away from any server and code until it's needed for runtime and having it generate a new one at every start and interval.
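
The pattern the comment describes, sketched as an added example that is not part of the original comment or of Rogers' code: a credential is fetched from a vault at process start, kept only in memory, and rotated on an interval, so a copy that leaks stops working once it expires. `StubVault`, `RotatingCredential` and `demo` are hypothetical names, and the in-memory vault is a constructed stand-in for a real secrets manager.

```python
import secrets
import time


class StubVault:
    """Constructed in-memory stand-in for a secrets vault (hypothetical API)."""

    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self._valid = {}  # secret -> expiry time

    def issue(self, now):
        """Mint a fresh random credential that expires after the TTL."""
        secret = secrets.token_urlsafe(24)
        self._valid[secret] = now + self.ttl
        return secret, now + self.ttl

    def is_valid(self, secret, now):
        return self._valid.get(secret, 0) > now


class RotatingCredential:
    """Holds a credential in memory only; refetches at start and on an interval."""

    def __init__(self, vault, refresh_margin, clock=time.monotonic):
        self.vault, self.margin, self.clock = vault, refresh_margin, clock
        self._secret, self._expiry = vault.issue(clock())  # new one at every start

    def get(self):
        # Rotate before expiry so callers never present a stale credential.
        if self.clock() >= self._expiry - self.margin:
            self._secret, self._expiry = self.vault.issue(self.clock())
        return self._secret


def demo():
    """Walk a fake clock through one rotation and report what happened."""
    t = [0.0]
    vault = StubVault(ttl_seconds=60)
    cred = RotatingCredential(vault, refresh_margin=10, clock=lambda: t[0])
    first = cred.get()
    t[0] = 30
    same = cred.get() == first          # inside the interval: unchanged
    t[0] = 55
    second = cred.get()                 # past expiry minus margin: rotated
    t[0] = 61
    leaked_still_works = vault.is_valid(first, t[0])  # old value is now dead
    return same, second != first, leaked_still_works, vault.is_valid(second, t[0])
```

`demo()` returns four booleans: the credential was stable inside the interval, it changed at rotation, the old value no longer validates, and the new one does.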


Biting the hand that feeds IT © 1998–2021