WhyNotHugo / django-mercadopago

⚠️ Deprecated. Use https://github.com/jazzband/django-payments/ instead.
ISC License

There may be sensitive data in the tests #28

Closed agustin-jimenez closed 4 years ago

agustin-jimenez commented 4 years ago

Sorry about that. I do not have great security knowledge.

I just want to ensure that you do not have real access tokens in the tests of this project. Or maybe you have a MercadoPago account only for tests.

If that is true, please delete the access token in MercadoPago, because if you only delete this information on GitHub it will persist in the logs and commit history.

Having tokens publicly exposed is a bad practice in general. But maybe you know that and do not have any security problems.

Anyway... your repo is awesome, thanks a lot!
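The point in the comment above about commit history, as an added example that is not part of the original thread or the project's code: a throwaway repository where a token is committed and then removed, checked in both the working tree and the full history. The token value, the `tests/settings.py` path and the function names are constructed for illustration, and `git` is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added demo: a token deleted in a later commit is still present in git history.
# FAKE_TOKEN, tests/settings.py and all function names are constructed for this example.
FAKE_TOKEN="EXAMPLE-ACCESS-TOKEN-0000-constructed"

# Throwaway repo: commit 1 adds the token to a test file, commit 2 removes it.
make_demo_repo() {
    local repo
    repo="$(mktemp -d)" || return 1
    (
        cd "$repo" || exit 1
        git init -q . || exit 1
        git config user.name "demo"
        git config user.email "demo@example.invalid"
        git config commit.gpgsign false
        mkdir tests
        printf 'ACCESS_TOKEN = "%s"\n' "$FAKE_TOKEN" > tests/settings.py
        git add tests/settings.py
        git commit -q -m "add test settings" || exit 1
        printf 'ACCESS_TOKEN = ""\n' > tests/settings.py
        git commit -q -am "remove token from tests" || exit 1
    ) >/dev/null 2>&1 || return 1
    printf '%s\n' "$repo"
}

# Number of matching lines in the currently checked-out files.
count_in_worktree() {
    git -C "$1" grep -F -c -e "$2" -- . 2>/dev/null |
        awk -F: '{ n += $NF } END { print n + 0 }'
}

# Number of commits, reachable from any ref, whose tree still contains the string.
count_commits_containing() {
    local repo="$1" needle="$2" n=0 rev
    for rev in $(git -C "$repo" rev-list --all); do
        if git -C "$repo" grep -q -F -e "$needle" "$rev" -- . 2>/dev/null; then
            n=$((n + 1))
        fi
    done
    printf '%s\n' "$n"
}

if [ "${1:-}" = "--demo" ]; then
    repo="$(make_demo_repo)" || exit 1
    echo "working tree matches: $(count_in_worktree "$repo" "$FAKE_TOKEN")"
    echo "commits with token:   $(count_commits_containing "$repo" "$FAKE_TOKEN")"
    rm -rf "$repo"
fi
```

Run with `--demo`, the working tree reports no matches while one commit in history still contains the string, which is why revoking the token at the provider matters more than deleting the line.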

WhyNotHugo commented 4 years ago

The tokens are not real production tokens.

One of the goals of keeping them in the database is to make sure they're never included in the code in any way.

Appreciate the warning though. Thanks, cheers!