App Security

So last night I did the cardinal sin: I committed my AWS access details to a public repo on Github.

Fortunately, Github picked it up within a few minutes, and I immediately logged in and deleted those keys in AWS.

I’ll fix the repo later.

Two lessons learned:

  1. Don’t do it.
  2. As soon as you realise you’re putting keys into an app, always, always, always put them into environment variables in the first instance. I normally do this, and just tried to “get this bloody thing working”, then forgot about that bit, then committed the changes.

Oops. That was more public than I intended to be.

Similar Posts

|

MessageSimply.com

Time for a new quick-win project. The idea is one I’ve been wanting for my own sites, and I couldn’t find anything to match. It’ll offer a simple widget that pops up on your sites, but rather than being an all-singing, all-dancing customer comms/support/chat/helpdesk widget, it’ll have one function: Take a message, a name, and…

Build vs Buy

Working in enterprise situations, you hear a lot about build vs buy: is it cheaper to create an IT solution yourself, or buy-in a solution from a third-party? It’s not always down to cost, obviously – other factors apply like requirements, security, privacy, integration into other systems, the supplier’s financial solidity, etc. But ultimately, those…

|

Build vs Buy, Part 2

In the previous post, I mentioned that I was looking into Bitrise for building the iOS and Android apps for Notifium. I’m still working on that. My conclusion is that Bitrise is a great tool. It’s based around workflows, each of which consists of a number of steps carrying out the build activity for your application (whether…

Consolidation

So, nothing written here for 2.5 months. What happened? First, January. Nothing drastic, but I just needed time out. I did things with the family, played games, met friends, etc. No real side-project work other than keeping on top of email, twitter, etc. But things picked up in February…