ruby on rails - Production site kept in public repository. How secure it is? -
for testing cloned github repo private public. had details api keys , credentials in readme.got notified stranger. removed public repository.now should alter there can no attacks made on production site? alter of api keys,changing passwords,etc
your site not longer secure if private security details have been made public. you'll need alter secrets including api keys , passwords, including database connection details.
also, sure create cloned repo private or remove completely. adding commit deletes private details will not help. if want maintain repo public, you'll need follow github's guide removing sensitive data.
ruby-on-rails security
No comments:
Post a Comment