Client secret exposed in source code.

cuberite / plugin-repository

Repository for Cuberite plugins

https://plugins.cuberite.org

Other

5 stars 2 forks source link

Closed bearbin closed 8 years ago

bearbin commented 8 years ago

In githubapihelper.php the client id and client secret are exposed. They should be removed, and the old ones invalidated to prevent compromise.

tigerw commented 8 years ago

Yeah. I security really well, don't I.

bearbin commented 8 years ago

Have you revoked the key on GitHub's side, since history is immutable?

tigerw commented 8 years ago

Yes, I have.