by dumpsterdiver 1992 days ago
> the team had helpfully base64 encoded all the secrets in a debugging build, which was also in the open bucket

It's laughable that we still use base64 in any sort of security context (username:password), because the only people interested in decoding it can do it effortlessly. It almost feels like a weird form of procrastination, where we know what we're doing is wrong, but we're just too damn lazy to do anything about it.

1 comments

Actually, in this case the CI/CD software would helpfully mask anything that it knew was secret, in an attempt to make the output it displayed "safe".

So to bypass that, devs base64 encode the secrets (in this case the output from env) so that it is displayed and they can use it to debug that the right environment variables are set...
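
An added example, not part of the thread above: a Python sketch of a log masker that redacts a known secret and also the base64 fragments it produces at each of the three byte alignments, the case the comment describes exact-match masking missing. The function names, the `***` mask and the sample token are assumptions constructed for illustration, not any CI/CD product's implementation.

```python
import base64

MASK = "***"  # assumed placeholder; real CI systems choose their own

def base64_fragments(secret: bytes, min_len: int = 8) -> set[str]:
    """Base64 substrings that must appear whenever `secret` is contained in
    base64-encoded data, one per possible byte alignment (offset mod 3)."""
    frags = set()
    for offset in range(3):
        padded = b"\x00" * offset + secret
        enc = base64.b64encode(padded).decode()
        start = (offset * 8 + 5) // 6   # skip chars mixed with preceding bytes
        end = (len(padded) * 8) // 6    # stop before chars mixed with later bytes
        if end - start >= min_len:      # very short fragments would over-mask
            frags.add(enc[start:end])
    return frags

def mask_line(line: str, secrets: list[str]) -> str:
    """Redact each secret in literal form and in base64-encoded form."""
    patterns = set()
    for s in secrets:
        if not s:                       # an empty "secret" would match everywhere
            continue
        patterns.add(s)
        patterns |= base64_fragments(s.encode())
    for p in sorted(patterns, key=len, reverse=True):  # longest first
        line = line.replace(p, MASK)
    return line

if __name__ == "__main__":
    token = "s3cr3t-t0ken-constructed"  # constructed sample value
    env_dump = f"API_TOKEN={token}\nHOME=/root\n"
    encoded = base64.b64encode(env_dump.encode()).decode()
    for line in (f"API_TOKEN={token}", f"debug: {encoded}"):
        print("exact-match only:", line.replace(token, MASK))
        print("with base64 set :", mask_line(line, [token]))
```

Output that the `base64` tool has line-wrapped, or that is encoded some other way (hex, URL-safe base64), is not caught, so masking of this kind reduces accidental exposure in logs rather than guaranteeing it.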