Closed David-Wobrock closed 5 years ago
Thank you for reporting @David-Wobrock. It definitely was a mistake to put it up there. Ideally the app should pull it from the env variables or some other secrets server.
On the bright side, I luckily foresaw this and altered the secrets a bit :D Like asdf in GOOGLE_CLIENT_ID = "518389157824-2osae11jasdfasdusercontent.com".
Anyway, I am going to set the value to generic human readable comments so that people can use it later.
In case you are interested: https://phabricator.wikimedia.org/T223541
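One way to do what the comment above suggests, pulling the value from environment variables and refusing to start on a leftover sample value. This is an added example, not code from the gdrive_to_commons project. `load_secrets`, `MissingSecret` and the placeholder markers are assumptions made for illustration; only the setting name `GOOGLE_CLIENT_ID` comes from the thread.

```python
import os

# Only GOOGLE_CLIENT_ID appears in the thread; extend this tuple with the
# project's other secret setting names.
REQUIRED_SECRETS = ("GOOGLE_CLIENT_ID",)

# Assumed markers of a human-readable placeholder copied from a sample file.
PLACEHOLDER_MARKERS = ("<", ">", "your", "changeme", "example", " ")


class MissingSecret(RuntimeError):
    """Raised at startup when a required secret is absent or a placeholder."""


def looks_like_placeholder(value):
    """True if the value resembles sample text rather than a credential."""
    lowered = value.lower()
    return any(marker in lowered for marker in PLACEHOLDER_MARKERS)


def load_secrets(environ=None, required=REQUIRED_SECRETS):
    """Return {name: value} read from the environment, failing closed."""
    environ = os.environ if environ is None else environ
    secrets, problems = {}, []
    for name in required:
        value = environ.get(name, "").strip()
        if not value:
            problems.append(f"{name}: not set")
        elif looks_like_placeholder(value):
            problems.append(f"{name}: placeholder value")
        else:
            secrets[name] = value
    if problems:
        # Report setting names only; never echo secret values into logs.
        raise MissingSecret("; ".join(problems))
    return secrets
```

The settings module would call `load_secrets()` once at import time, so a deployment with a missing or sample value stops before serving requests.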
Nice! (but I guess the tokens and secrets are still available in the git history, which can be found with some scraping tools)
Hi Tony, I'm not 100% sure what this project is about, but from just quickly browsing through it, quite some keys, secrets and tokens of Google Accounts and MediaWiki are exposed.
You might want to revoke those before something bad happens https://github.com/tonythomas01/gdrive_to_commons/blob/master/gdrive_to_commons/local_settings_sample.py