Researchers have discovered a major security leak hiding in plain sight on the internet that could expose the personal data and financial records of millions of people. In a paper published on the arXiv preprint server, Nurullah Demir of Stanford University and colleagues analyzed 10 million websites to see how often API (application programming interfaces) credentials are exposed. These are digital keys or tokens that enable different software programs to communicate and are often used to process bank payments and access cloud storage.
Sigh. Don’t hardcode credentials in scripts, especially client-facing ones! If you must have credentials in plaintext on a file system, at least do something like PostgreSQL’s pgpass file (and don’t commit it to your version control system, or have it accessible via your web server!) with the appropriate user permissions set on it.
Sigh. Don’t hardcode credentials in scripts, especially client-facing ones! If you must have credentials in plaintext on a file system, at least do something like PostgreSQL’s pgpass file (and don’t commit it to your version control system, or have it accessible via your web server!) with the appropriate user permissions set on it.