Comments (5)
Those are valid app credentials for local development.
from weg-li.
I do not understand: These keys are used to enable oauth signup with, for example, github. These keys are valid for some kind of "testing app" in github, I guess. Which one is it? It should have some kind of public website like other apps. If someone would create a fake weg.li website for some reason, maybe users would not see that they are logging in with the testing app. I think it is never good to publicly share something that is marked as "secret". Even if: Committing a .env file is dangerous imo, because eventually someone will try to debug some production bug and adjust these values in the file. By accident they might then commit the changes and publish them. Having this file under source control is asking for trouble imo. I think it should be deleted and gitignored. Then you can create one locally with this data. Anyone else who wants to work on the logins just needs to create their own apps in github, google, etc. Piece of cake but danger removed. If the file (the environment variables) are not present, just disable the login with the respective services.
from weg-li.
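The suggestion in the comment above (keep .env out of version control and offer a provider login only when its variables are present) could look like the following. This is an added example, not code from weg-li or from any commenter; the variable names, the provider table and the sample file are assumptions constructed for illustration.

```python
import re

# Hypothetical variable names; the project's real names are not shown on this page.
PROVIDERS = {
    "github": ("GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET"),
    "google": ("GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET"),
}
SECRET_NAME = re.compile(r"(SECRET|TOKEN|PASSWORD|KEY)", re.IGNORECASE)
LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_dotenv(text):
    """Parse KEY=VALUE lines; skip blanks and comments, strip matching quotes."""
    env = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if not m:
            continue  # not a KEY=VALUE line, ignore it
        key, value = m.groups()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        env[key] = value
    return env


def enabled_providers(env):
    """Offer a provider login only when both of its variables are non-empty."""
    return sorted(name for name, keys in PROVIDERS.items()
                  if all(env.get(k, "").strip() for k in keys))


def secret_keys_with_values(text):
    """Secret-looking names that carry a real value; a CI check for tracked .env files."""
    return sorted(k for k, v in parse_dotenv(text).items()
                  if SECRET_NAME.search(k) and v.strip())


# Constructed sample input, not the project's real file or values.
SAMPLE = """\
# local development
GITHUB_CLIENT_ID=constructed-id
GITHUB_CLIENT_SECRET="constructed-secret"
GOOGLE_CLIENT_ID=
export GOOGLE_CLIENT_SECRET=
"""
```

With the sample, only the github login would be offered, and a CI job running `secret_keys_with_values` over a tracked .env file would flag `GITHUB_CLIENT_SECRET`.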
Maybe also https://www.dotenv.org/security/ could be interesting...
from weg-li.
Well, I disagree
from weg-li.
Okay. I accept. I suggest keeping this issue closed then, if that is your decision. As a final remark, I would like to highlight the recommendation of the dotenv project against committing .env files. Nevertheless, this is not a critical issue as of now, and for me the matter can be closed. Since you reopened the issue (and I do not really understand why), I leave you the honors of closing it again, if you want to.
from weg-li.