undefined | Better HN

0 pointschasil1y ago0 comments

The deal killer for me, the inescapable aspect of my users, is that they insist upon checking passwords into revision control.

Because the C and PL/SQL people are on CVS, I can fix this with vi on the ,v archive.

First on TFS repositories, and now with git grep I can easily find exposed passwords for many things. But it's just SQL Server!

We will never be able to use git responsibly, so I will peruse this guide with academic interest.

Don't even get me started on secrecy management.

I am looking forward to retirement!

0 comments

rblatz1y ago

The devs shouldn’t have access to prod credentials in the first place. That’s the real issue.

chasilOP1y ago

Internal audit said the same thing.

Quelle surprise!

sampullman1y ago

Commiting credentials is also a real issue, best to avoid doing both.

zelphirkalt1y ago

Then you need to hire someone else to manage the deployment of services though.

rswail1y ago

Sounds like you need a pre-commit hook to check.

maccard1y ago

Pre commit hooks aren’t enforcable. People need to opt in to them, and the people who opt in to them are the people who will check for passwords before they commit.

n_plus_1_acc1y ago

Server-side pre-recieve hooks are better

j / k navigate · click thread line to collapse