Pyntax

Aggregating the Future

api authentication tokens web dev

How I lost 17,000 GitHub Auth Tokens in One Night

ByRichard Schneeman

Sep 5, 2017

DZone

How on earth does someone accidentally delete 85% of their users’ GitHub tokens? I was suspicious that something might be wrong when I got an email from a service I run called CodeTriage, it’s a free web app to help find open source projects and issues to work on. While I get plenty of emails from my service, I don’t often get ones with the subject line "Code Triage auth failure." Before we can understand what happened, let’s look into why this email even exists.

For CodeTriage to work it needs info from GitHub. Specifically, it needs to know about all the issues an open source library has open. To do that we need to make authenticated API requests. To make API requests, we need an API token. Now while an API token is good, even better is a VALID API token. Which unfortunately the system would lose from time to time.

Source: DZone

By Richard Schneeman

Related Post

authentication cryptography data security developers devsecops encryption security tutorial tutorial

3 Common Encryption Mistakes That Are Easy to Avoid

May 29, 2021 Gary Schneir
front-end front-end design tutorial web analytics web dev web dev tutorial

Embed PDFs in Your Webpage Using Adobe PDF Embed API

May 29, 2021 Ben Vanderberg
development tutorial typescript web dev web dev tutorial

Using TypeScript const Assertions for Fun and Profit

May 29, 2021 Ross Jenkins

You missed

Uncategorized

Teslas made in Texas will likely have to leave the state before Texans can buy them

May 30, 2021 A Word From Our Sponsor
Uncategorized

MagSafe used to fish out iPhone 12 Pro dropped in canal

May 30, 2021
Uncategorized

Wacom Cintiq Pro 24 Touch review: Beautiful but needs improvement

May 30, 2021
Uncategorized

Google made it hard for users to keep location data private

May 30, 2021