Open dk-dev opened 10 years ago
I'm sorry, I don't understand. Is this a friendly warning to remove potentially dangerous (to self) data?
Sent from my T-Mobile 4G LTE Device
https://api.spark.io/v1/devices/?access_token=427016082e1adc9172f7e6c32e810a26bcc6ebd8
Expire your token on spark's site as well.
Also see: https://help.github.com/articles/remove-sensitive-data
Reply to this email directly or view it on GitHub: https://github.com/chrisgervang/CLydE/issues/1
Thanks for the warning! That Spark was fried in an unfortunate interaction with HV so I didn't think to remove the uuid.
Won't happen again! Note to self: hackathon code needs to be sanitized.
From: ImJohnDoe <notifications@github.com>
Sent: 3/12/2014 2:22 PM
To: chrisgervang/CLydE <CLydE@noreply.github.com>
Subject: Re: [CLydE] remove spark core/token on app.js (#1)
Reply to this email directly or view it on GitHub: https://github.com/chrisgervang/CLydE/issues/1#issuecomment-37467196
I got the same alert. Rather thoughtful of them
Reply to this email directly or view it on GitHub: https://github.com/chrisgervang/CLydE/issues/1#issuecomment-37472907
Yeah, this is definitely just a friendly reminder folks! Apparently I can't open cases for github.io/pages repos, maybe I can at mention @CMendy to let him know his site exposes his core and api token as well.
Wat, how do you even find my repo code?? What is the worst that can happen? Someone reads my data?
https://github.com/CMendy/CMendy.github.io/blob/master/js/main.js
```js
// Check if core id and token is in local storage
if (localStorage.getItem("api-token")) {
  $("#api-token").val(localStorage.getItem("api-token"));
} else {
  localStorage.setItem("api-token", "93499e15f3b3a36952c283bdf77c161977a626da");
  $("#api-token").val(localStorage.getItem("api-token"));
}

if (localStorage.getItem("core-id")) {
  $("#core-id").val(localStorage.getItem("core-id"));
} else {
  localStorage.setItem("core-id", "50ff71065067545644320387");
  $("#core-id").val(localStorage.getItem("core-id"));
}
```
@CMendy the worst I can think of as an example with @sjunnesson ColorCloud code that looks like a NEST-like device. They have a variable called targetTemp. Right now it is set at a cool 56 F, but it's only 1 PUT command away from being set to 9000 F.
@dk-dev thanks for the warning, and that I expose the api. The end device is a fabric cloud filled with LEDs and you can control the color from the app so no harm if anyone uses it for any "evil". But good to have good practices anyways.
cheers
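As an added example (not code from anyone in this thread or from the CLydE or Spark projects): a small JavaScript check that flags the two patterns reported above, a token in an `access_token=` URL and token- or core-id-shaped string literals, so they can be caught before a commit. The 40- and 24-hex-character lengths are assumptions taken from the values quoted in the thread; `findHardcodedSecrets`, `redact` and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example: flag hard-coded Spark-style credentials in source text.
// Assumption: tokens are 40 hex chars and core ids 24 hex chars, as in this thread.
const RULES = [
  { kind: "access_token in URL", re: /access_token=([0-9a-f]{40})\b/gi },
  { kind: "40-hex string literal (token-shaped)", re: /["']([0-9a-f]{40})["']/gi },
  { kind: "24-hex string literal (core-id-shaped)", re: /["']([0-9a-f]{24})["']/gi },
];

// Show only the first 4 characters so the report does not leak the value again.
function redact(value) {
  return value.slice(0, 4) + "*".repeat(value.length - 4);
}

// Returns [{ line, kind, value }] for every match, in line order.
function findHardcodedSecrets(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const { kind, re } of RULES) {
      // matchAll works on a copy of the regex, so lastIndex is never shared.
      for (const m of text.matchAll(re)) {
        findings.push({ line: i + 1, kind, value: redact(m[1]) });
      }
    }
  });
  return findings;
}

// Constructed sample input (placeholder values, not real credentials).
const SAMPLE = [
  'var url = "https://api.spark.io/v1/devices/?access_token=' + "a1".repeat(20) + '";',
  'localStorage.setItem("api-token", "' + "0f".repeat(20) + '");',
  'localStorage.setItem("core-id", "' + "5b".repeat(12) + '");',
  // Value supplied by the user at runtime: nothing to flag.
  'localStorage.setItem("api-token", $("#api-token").val());',
].join("\n");

for (const f of findHardcodedSecrets(SAMPLE)) {
  console.log(`line ${f.line}: ${f.kind}: ${f.value}`);
}
```

A hit means the value should be treated as exposed: expire it on the provider's site and remove it from history, as the issue says, rather than only deleting the line.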