Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Risk - Public access to your API Keys #2

Open
EpicnessTwo opened this issue May 4, 2016 · 2 comments
Open

Security Risk - Public access to your API Keys #2

EpicnessTwo opened this issue May 4, 2016 · 2 comments
Assignees
@davidsommer
Labels
bug

Comments

@EpicnessTwo
Copy link

This is a nice system but storing the API keys in a public place isn't such a good idea. It doesn't take long for someone to find the config.js file and then they have a copy of your API key which can be used to change most things to do with Monitors on your account, add contacts or even remove everything.

I think it would be wise to either change this or let people know that this is not secure in a public setup.
@davidsommer davidsommer self-assigned this Apr 1, 2020
@davidsommer davidsommer added the bug label Apr 1, 2020
@MACscr
Copy link

MACscr commented Dec 26, 2020
edited
Loading

Obviously a person should only be using read only api keys. So not a security risk. For a javascript only project, there really isnt any other option.

@EpicnessTwo
Copy link
Author

This issue is over 4 years old. I don't recall there being seperate read-only api keys back then either.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@davidsommer davidsommer

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@MACscr @davidsommer @EpicnessTwo