Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


All credentials in config dir are public?? #95

nov opened this Issue · 5 comments

3 participants

Nov Matake Lance Pollard Jakub Arnold
Nov Matake

Seems tower.js copies all files in config dir to public/javascripts/config.
It makes these credentials public...

Lance Pollard lancejpollard closed this issue from a commit
Lance Pollard lancejpollard fixes #95 c5d93bc
Lance Pollard

Fixed, thanks for pointing out!

For those of you with existing apps, make sure you update your Watchfile:

Specifically those 2 javascript sections.

Also, delete the files in ./public/javascripts/config.

Nov Matake

Thanks for your quick fix ;)

Lance Pollard

Should make this more bullet proof, in case the Watchfile is changed or anything strange happens where those files are put in public. Maybe a regex or warning before git commit if there is a file in public matching a pattern. Or add to gitignore... Will keep in mind.

Nov Matake

Or just make them JSON files?

Jakub Arnold

:bomb: ... trollface.jpg

Dave Myron contentfree referenced this issue from a commit
Lance Pollard lancejpollard fixes #95 ddd9707
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.