Just looking at the AT Protocol SDK for Python and I found this snippet in the sample code:
profile = client.login('my-handle', 'my-password')
Read it and weep.
This WILL end up as-is in production.
This WILL end up on GitHub with valid credentials.
#PythonDev #atproto #credentials 🧵
Comments
client.login(os.environ['BSKYUSR'], os.environ['BSKYPWD'])
Developers learn from examples - unfortunately also from bad ones.
It is why in 2024 we still have things like SQL Injection vulnerabilities.
Please code safe.
#PythonDev #atproto #credentials
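An added example, not part of the original post or the SDK's sample code: a small check built on Python's `ast` module that flags `login()` calls receiving string literals, so the pattern in the quoted snippet can be caught in review or CI before it is committed. The sample source is constructed, and its third call (with the `password=` keyword and the `handle` variable) is an assumption made for illustration.

```python
import ast

# Constructed sample: the two call styles quoted in the thread, plus one
# constructed keyword-argument call (an assumption, not from the thread).
SAMPLE = '''
import os
from atproto import Client

client = Client()
profile = client.login('my-handle', 'my-password')
profile = client.login(os.environ['BSKYUSR'], os.environ['BSKYPWD'])
profile = client.login(handle, password="hunter2")
'''

def is_literal_str(node):
    """True for a plain string constant or an f-string."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return True
    return isinstance(node, ast.JoinedStr)

def find_hardcoded_logins(source, method="login"):
    """Return sorted (line, argument) pairs for every <obj>.login(...) call
    that is given a string literal instead of a value read at runtime."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr == method):
            continue
        # Positional arguments are reported by index, keywords by name.
        args = [(f"arg{i}", a) for i, a in enumerate(node.args)]
        args += [(kw.arg or "**", kw.value) for kw in node.keywords]
        for name, value in args:
            if is_literal_str(value):
                findings.append((node.lineno, name))
    return sorted(findings)

if __name__ == "__main__":
    for line, arg in find_hardcoded_logins(SAMPLE):
        print(f"line {line}: literal string passed as {arg} to login()")
```

The check only parses the source and never imports or runs it, so it can be pointed at untrusted or incomplete files.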