Comments (4)
iherman
commented on June 21, 2024
I am not sure what the question is...
The OAUTH Token of GH actually cannot be committed to GH. If you do, GH realizes that and will immediately invalidate the key (it happened to me once). That is one of the reasons why I had to have a config file (~/.scribejs.json or CGI-Executable/.scribe.json) that is never on the Web and can carry the Key.
from scribejs.
iherman
commented on June 21, 2024
Oh I am sorry, I get it. But the config file in the test directory does NOT include the GH Token. And it cannot, see #10 (comment). On the other hand, it is useful if others want to test it.
from scribejs.
tripu
commented on June 21, 2024
“But the config file in the test directory does NOT include the GH Token.”
It might, at some point.
Or other sensitive info, like local paths or hostnames, username/password for our CVS server, a developer key for the W3C API…
It's good practice to exclude configuration and all particulars from version control, imho. They vary from user to user. And apart from the security concerns, changes in config files add noise to the Git history.
“And it cannot, see #10 (comment).”
It's kind of funny GitHub is catching its own tokens inside attempted commits and aborting them… I guess it's a nice feature, but we should not rely on that.
from scribejs.
iherman
commented on June 21, 2024
Ok. I have removed the example config files.
from scribejs.
Related Issues (20)
- Do we need package 'node-fetch'? HOT 2
- Refactor "convert.io" using regex'es instead? HOT 2
- Do we need "CGI/protocol.js"? HOT 2
- CGI: add option to commit to w3.org space instead of GH repo? HOT 5
- Review input sanitisation HOT 4
- Prevent form against inadequate use HOT 7
- Use npm package 'octocat' instead of interacting directly with the GH API? HOT 2
- Remove the latest ES dependencies from preset.js HOT 1
- Publish scribejs in npm HOT 6
- Do we need field “files” in “package.json”? HOT 2
- Whitespace and coding style? HOT 5
- Add JSON-LD to Jekyll preamble HOT 8
- Markdown id format HOT 1
- GitHub Pages Hosting of new BrowserView HOT 6
- Integrate BrowserView editor with GitHub's Personal Token & API HOT 4
- Validate nickname files in BrowserView HOT 1
- security holding package HOT 3
- Browserify the tool? HOT 3
- Security alert on marked version HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scribejs.