a85 | 4 months ago

Yes. The post is misleading and we have more detail on what we do here.

https://blog.postman.com/engineering/postman-free-is-secure-...

Postman allows for turning off history, keeping variables local, and setting up a local vault, all in the free product, and in more advanced plans there are secret scanning capabilities for IT and security teams.

https://blog.postman.com/choose-the-right-postman-plan-for-y...

These issues are not unique to Postman and apply to all cloud products, GitHub for instance. Products that are “offline” just shift the burden to the user.

victop | 4 months ago

All good security measures, for sure, but the blog post you linked doesn’t mention anything about telemetry (i.e. request data sent to those *.gw.postman.com endpoints). As a user, it would be great to know exactly what data is sent to Postman servers (e.g. we send resolved query strings, we don’t send headers, etc.), as well as to have an easy way to opt out of telemetry altogether.