chrisgervang / CLydE

remove spark core/token on app.js #1

Open dk-dev opened 10 years ago

dk-dev commented 10 years ago

https://api.spark.io/v1/devices/?access_token=427016082e1adc9172f7e6c32e810a26bcc6ebd8

Expire your token on Spark's site as well.

Also see: https://help.github.com/articles/remove-sensitive-data

romechenko commented 10 years ago

I'm sorry, I don't understand. Is this a friendly warning to remove potentially dangerous (to self) data?

Sent from my T-Mobile 4G LTE Device

-------- Original message --------
From: Dustin Kost
Date: 03/12/2014 2:12 PM (GMT-08:00)
To: chrisgervang/CLydE
Subject: [CLydE] remove spark core/token on app.js (#1)

https://api.spark.io/v1/devices/?access_token=427016082e1adc9172f7e6c32e810a26bcc6ebd8

Expire your token on spark's site as well.

Also see: https://help.github.com/articles/remove-sensitive-data


Reply to this email directly or view it on GitHub: https://github.com/chrisgervang/CLydE/issues/1

chrisgervang commented 10 years ago

Thanks for the warning! That Spark was fried in an unfortunate interaction with HV so I didn't think to remove the uuid.

Won't happen again! Note to self: hackathon code needs to be sanitized.


From: ImJohnDoe <notifications@github.com>
Sent: 3/12/2014 2:22 PM
To: chrisgervang/CLydE <CLydE@noreply.github.com>
Subject: Re: [CLydE] remove spark core/token on app.js (#1)

I'm sorry, I don't understand. Is this a friendly warning to remove potentially dangerous (to self) data?


romechenko commented 10 years ago

I got the same alert. Rather thoughtful of them.

Sent from my T-Mobile 4G LTE Device

-------- Original message --------
From: Chris Gervang
Date: 03/12/2014 2:47 PM (GMT-08:00)
To: chrisgervang/CLydE
Cc: ImJohnDoe
Subject: Re: [CLydE] remove spark core/token on app.js (#1)

Thanks for the warning! That Spark was fried in an unfortunate interaction with HV so I didn't think to remove the uuid.

Won't happen again! Note to self: hackathon code needs to be sanitized.



dk-dev commented 10 years ago

Yeah, this is definitely just a friendly reminder, folks! Apparently I can't open cases for github.io/pages repos; maybe I can at-mention @CMendy to let him know his site exposes his core and API token as well.

CMendy commented 10 years ago

Wat, how do you even find my repo code?? What is the worst that can happen? Someone reads my data?

dk-dev commented 10 years ago

https://github.com/CMendy/CMendy.github.io/blob/master/js/main.js

// Check if core id and token is in local storage
if (localStorage.getItem("api-token")) {
    $("#api-token").val(localStorage.getItem("api-token"));
} else {
    localStorage.setItem("api-token","93499e15f3b3a36952c283bdf77c161977a626da");
    $("#api-token").val(localStorage.getItem("api-token"));
}

if (localStorage.getItem("core-id")) {
    $("#core-id").val(localStorage.getItem("core-id"));
} else {
    localStorage.setItem("core-id", "50ff71065067545644320387");
    $("#core-id").val(localStorage.getItem("core-id"));
}
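
A check that would flag both patterns before a push, given as an added example that is not part of the thread or of either repository. It scans source text for the credential shapes quoted above (a 40-hex access token, a 24-hex core id); `scanSource`, `RULES`, `redact` and every sample value are constructed for illustration.

```javascript
// Added example: flags hard-coded Spark-style credentials in source text.
// Shapes follow the values quoted in this thread: a 40-hex access token
// and a 24-hex core id. All sample values below are constructed.
const RULES = [
  { kind: "access_token in URL", re: /[?&]access_token=([0-9a-f]{40})\b/gi },
  { kind: "token string literal", re: /["']([0-9a-f]{40})["']/gi,
    context: /token|secret|api[-_]?key/i },
  { kind: "core id string literal", re: /["']([0-9a-f]{24})["']/gi,
    context: /core|device/i },
];

// Report only enough of the value to locate it; never echo the secret back.
function redact(value) {
  return value.slice(0, 4) + "...(" + value.length + " chars)";
}

function scanSource(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const rule of RULES) {
      // A bare 40-hex string may be a git SHA, so literal rules also
      // require a context word somewhere on the same line.
      if (rule.context && !rule.context.test(line)) continue;
      for (const m of line.matchAll(rule.re)) {
        findings.push({ line: i + 1, kind: rule.kind, value: redact(m[1]) });
      }
    }
  });
  return findings;
}

// Constructed sample resembling the two files discussed in the thread.
const SAMPLE = [
  'var url = "https://api.spark.io/v1/devices/?access_token=0123456789abcdef0123456789abcdef01234567";',
  'localStorage.setItem("api-token", "89abcdef0123456789abcdef0123456789abcdef");',
  'localStorage.setItem("core-id", "0123456789abcdef01234567");',
  'var commit = "fedcba9876543210fedcba9876543210fedcba98"; // git SHA',
  'var token = process.env.SPARK_TOKEN; // read at runtime, nothing to flag',
].join("\n");

for (const f of scanSource(SAMPLE)) {
  console.log(`line ${f.line}: ${f.kind} ${f.value}`);
}
```

A finding in code that has already been pushed still calls for expiring the token, because deleting the line leaves the value in the repository history.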

dk-dev commented 10 years ago

@CMendy the worst I can think of is an example with @sjunnesson's ColorCloud code, which looks like a NEST-like device. They have a variable called targetTemp. Right now it is set at a cool 56 F, but it's only 1 PUT command away from being set to 9000 F.

sjunnesson commented 10 years ago

@dk-dev thanks for the warning, and that I expose the API. The end device is a fabric cloud filled with LEDs, and you can control the color from the app, so no harm if anyone uses it for any "evil". But good to have good practices anyway.

cheers