nobatron | 6 years ago

There's a lot wrong with this article.

Firstly, having a private network for your infrastructure isn't a one-stop solution for keeping attackers out.

Secondly, using GitHub Enterprise or self-hosted GitLab doesn't make up for storing secrets in Git.

Looking forward to the proper write-up.

bifrost | 6 years ago

I've never claimed it was a "one stop", but it certainly keeps the random internet users to a minimum.

And yes, using GHE or self-hosted GitLab doesn't make up for storing secrets, but it at least keeps them out of the public eye so the effects are less brutal. It's still bad to store secrets in a code repository.

My whole point is that you can reduce risks easily, yet some people don't for some reason.