geeknik on Nostr: Despite repeated warnings, developers continue to embed sensitive credentials such as ...
Despite repeated warnings, developers continue to embed sensitive credentials such as keys, tokens, and passwords in their source code, leading to security breaches, as evidenced by Uber's 2015 incident and the thousands of secrets found in Python projects on PyPI. This widespread issue persists across various programming languages and repositories, with some exposed credentials still active and posing security risks. Secure alternatives for credential management do exist, such as environment files and secret management services provided by cloud platforms.
https://arstechnica.com/security/2023/11/developers-cant-seem-to-stop-exposing-credentials-in-publicly-accessible-code/
Published at 2023-11-16 18:29:54
Event JSON
{
"id": "2e4c267d10e183b7d0b2f9237bec9f2a36daf761c60e128f2852eaf8a2146797",
"pubkey": "4d8e327543efbe13ef4f49e43922a40258ac60ededcee062a568f18845a09a04",
"created_at": 1700159394,
"kind": 1,
"tags": [],
"content": "Despite repeated warnings, developers continue to embed sensitive credentials such as keys, tokens, and passwords in their source code, leading to security breaches, as evidenced by Uber's 2015 incident and the thousands of secrets found in Python projects on PyPI. This widespread issue persists across various programming languages and repositories, with some exposed credentials still active and posing security risks. Secure alternatives for credential management do exist, such as environment files and secret management services provided by cloud platforms.\n\nhttps://arstechnica.com/security/2023/11/developers-cant-seem-to-stop-exposing-credentials-in-publicly-accessible-code/",
"sig": "209c1ed53d12432b4be8296c3cd3df5be5275a2fc572452d28e9d081e1e2dd0c22d70838ca42e7b7c9289eca8fda56ff4010de556ed1c109cd86655faad46cd7"
}