top | item 37176229

(no title)

Reminds me of the anti virus software at work many years ago that did not allow me to download a password encoding library, because the filename contained the word "password"

I've also experienced automatic security reports that complain that the configuration file contains the word "password" (as in "database.password="). I had to argue with them that we did not actually store passwords in Git as they could clearly see, but that it was set using a environment variable by a secrets manager when actually running in a container. Next time we had a similar use case we would just give it a different name to avoid this complication

discuss

No comments yet.