this post was submitted on 12 Jul 2024
368 points (97.4% liked)

Programmer Humor

18971 readers
612 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
368
Seriously how many times does this have to happen (lemmy.world)
submitted 1 month ago by [email protected] to c/[email protected]
46 comments fedilink hide all child comments
 

One does not commit or compile credentials

Template

Context:

This meme was brought to you by the PyPI Director of Infrastructure who accidentally hardcoded credentials - which could have resulted in compromissing the entire core Python ecosystem.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 41 points 1 month ago (2 children)

Here's the thing, config.json should have been on the project's .gitignore.

Not exactly because of credentials. But, how do you change it to test with different settings?

[–] [email protected] 19 points 1 month ago

For a lot of my projects, there is a config-.json that is selected at startup based the environment.

Nothing secure in those, however.

[–] [email protected] 12 points 1 month ago* (last edited 1 month ago)

But, how do you change it to test with different settings?

When it's really messy, we:

  • check in a template file,
  • securely share a .env file (and .gitignore it)
  • and check in one line script that inflates the real config file (which we also .gitignore).