API Key should not be stored in git

Stypox / tridenta

Trentino public transport with stops, lines, trips and delays. Android app built with Jetpack Compose and Material 3.

GNU General Public License v3.0

33 stars 2 forks source link

API Key should not be stored in git #1

Closed daniel-reinhold closed 1 year ago

daniel-reinhold commented 1 year ago

See HttpClient.kt

Stypox commented 1 year ago

Well, that's basically a publicly available piece of information. It is the authentication user&password that all installations of "Muoversi in Trentino" use to connect to the underlying service, and a malicious actor would be able to find it anyway by looking inside "Muoversi in Trentino"'s APK for a couple of minutes. Also, in order to publish this app on F-Droid every part of the code needs to be open source, so the authentication should be, too.