Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Either database dumps are in commit history (very common) or credentials like a password for a database is (even more common).

A third reason would be finding a security flaw in the source code and exploiting it.



< Either database dumps are in commit history (very common

Nobody is putting production databases in to commit history. At the size of twitch, there's also no way any application dev has access to production.

> credentials like a password for a database is (even more common).

??? What cowboy outfit is putting things which grant access to production customer data in to git?


I know projects that do or did put their production database credentials, which had full read and write access, in git.

And no, thats not a clever thing to do, neither is there a good reason to do it. But people do things you do not like and theres little you can do about it.

I would like to live in a world where you were right, but I am not. Sadly.

[Edit] dumps though are another thing. Not seen that, yet.


Twitch, it seems https://sizeof.cat/post/twitch-leaks/#secrets-exposed


You need to open that link incognito. (If clicking through from HN)

The site you linked to detects if the referrer url is HN and instead displays only an image saying "HACKER NEWS - A DDoS MADE OF FINANCE-OBSESSED MAN-CHILDREN AND BROGRAMMERS" instead of the content you are trying to link too.

wtf


Sounds accurate.


Lol at the image when you don’t open in incognito




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: