Skip to content
This repository has been archived by the owner on Apr 7, 2021. It is now read-only.

Don't leak secret key to log #39

Closed
stash opened this issue Feb 7, 2014 · 0 comments · Fixed by #40
Closed

Don't leak secret key to log #39

stash opened this issue Feb 7, 2014 · 0 comments · Fixed by #40

Comments

@stash
Copy link
Contributor

stash commented Feb 7, 2014

This seems like a fundamentally bad practice; attackers could use the log stream as a side-channel to obtain the key:

https://github.com/atmos/camo/blob/master/server.coffee#L218
@stash stash mentioned this issue Feb 7, 2014
Merged
@atmos atmos closed this as completed in #40 Feb 7, 2014
atmos added a commit that referenced this issue Apr 7, 2014
@atmos
Merge pull request #39 from github/security-headers
e0535bc 
Setup headers security team wants everywhere
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Do not log secret key stash/camo
1 participant
@stash