GMAIL Passwords on GitHub

14 pointstawrahim10y ago1 comments

Its a bit of shame how our developer community handles password. I feel we should know better but unfortunately we are terrible at it. To send an email from your app you simply need to provide a few parameters (username, password) and you are golden. The only thing is that developers commit this sensitive information on github. I simply searched for the term "smtp.gmail.com" on github and bam loads of passwords! My observations,

* I tried to login to some of the accounts and gmail asked me to verify who I was. * Ruby community seems to be good about storing those details in the ENV

Case in point - NEVER DO THIS.

https://github.com/search?l=java&p=96&q=smtp.gmail.com&type=Code&utf8=%E2%9C%93

1 comments

esaym10y ago

At least for me, since I have a second 3rd party email registered with gmail, if a new device logs in, I will get an email saying there was a new login. 2 factor auth is even better, but a little more of a hassle.

j / k navigate · click thread line to collapse

GMAIL Passwords on GitHub

14 pointstawrahim10y ago1 comments

* I tried to login to some of the accounts and gmail asked me to verify who I was. * Ruby community seems to be good about storing those details in the ENV

Case in point - NEVER DO THIS.

https://github.com/search?l=java&p=96&q=smtp.gmail.com&type=Code&utf8=%E2%9C%93

1 comments

esaym10y ago

j / k navigate · click thread line to collapse