Leaked ClientID LinkedIn in source code. #16

Open
philipjonsen opened this issue Sep 13, 2023 · 0 comments
DESCRIPTION
Secrets should never be checked into source code. Ideally, they should be injected into the runtime and then the values should be picked from there.

Examples of secrets are SSH keys, API keys and secrets (AWS or Stripe APIs, for example), database credentials etc.

BAD PRACTICE
In the sample Python code below, the secrets have been hardcoded:

key = "12345azan+/ryGUuk"

RECOMMENDED
Ideally, this should be picked from the environment, like:

import os
key = os.getenv("SECRET_KEY")

Leaked "LinkedIn Client ID" detected in source: "IoLogoLinkedin"
src/config/icon.config.js

export const SocialFacebookIcon = IoLogoFacebook; // Social Facebook icon
export const SocialTwitterIcon = IoLogoTwitter; // Social Twitter icon
export const SocialGooglePlusIcon = IoLogoGoogleplus; // Social Google Plus icon
export const SocialLinkedinIcon = IoLogoLinkedin; // Social Linkedin icon
export const SocialDribbbleIcon = IoLogoDribbble; // Social Dribbble icon
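
A triage step for a scanner finding like the one reported above, as an added example that is not part of the original issue or the project's code: it reports whether the matched text sits inside a string literal, in code as a name, or in a comment. The function names and verdict labels are assumptions, and the second sample line is constructed from the issue's own bad-practice sample.

```javascript
// Added example (not from the issue): report the lexical context of a
// scanner's matched token within one line of JavaScript source.
// Limitation: single-line scan; regex literals containing quotes are not handled.
function matchContexts(line, token) {
  const contexts = [];
  let state = "code"; // "code", "string", "line-comment" or "block-comment"
  let quote = "";
  for (let i = 0; i < line.length; i++) {
    const two = line.slice(i, i + 2);
    if (state === "code") {
      if (two === "//") state = "line-comment";
      else if (two === "/*") { state = "block-comment"; i++; continue; }
      else if (['"', "'", "`"].includes(line[i])) { state = "string"; quote = line[i]; continue; }
    } else if (state === "string") {
      if (line[i] === "\\") { i++; continue; } // skip the escaped character
      if (line[i] === quote) { state = "code"; continue; }
    } else if (state === "block-comment" && two === "*/") {
      state = "code"; i++; continue;
    }
    if (line.startsWith(token, i)) contexts.push(state);
  }
  return contexts;
}

// Verdict labels are hypothetical, chosen for this example.
function triage(finding) {
  const contexts = matchContexts(finding.line, finding.match);
  if (contexts.length === 0) return "no-match";
  if (contexts.includes("string")) return "literal";   // a value is embedded in source
  if (contexts.includes("code")) return "reference";   // a name; inspect what it is bound to
  return "comment";
}

// Sample findings: the first is the line quoted in the issue, the second is
// constructed from the issue's bad-practice sample.
const findings = [
  { file: "src/config/icon.config.js",
    line: "export const SocialLinkedinIcon = IoLogoLinkedin; // Social Linkedin icon",
    match: "IoLogoLinkedin" },
  { file: "constructed-sample.js",
    line: 'const key = "12345azan+/ryGUuk";',
    match: "12345azan+/ryGUuk" },
];

for (const f of findings) console.log(f.file, "->", triage(f));
```

A "reference" verdict means the flagged text is a name rather than a value, so the next step is to look at what that name is bound to before deciding whether anything needs rotating.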
