Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hide development account authentication for security #32

Open
sam-xif opened this issue Aug 15, 2019 · 2 comments
Open

Hide development account authentication for security #32

sam-xif opened this issue Aug 15, 2019 · 2 comments
Labels
enhancement New feature or request security A security-related issue

Comments

@sam-xif
Copy link
Member

sam-xif commented Aug 15, 2019

This is not totally necessary, but it will prevent external users who can see the code from tampering with our Firebase instance.
@sam-xif sam-xif added enhancement New feature or request security A security-related issue labels Aug 15, 2019
@schoobydrew
Copy link
Collaborator

I saw this: https://security.stackexchange.com/questions/150808/how-secure-is-my-heroku-source-code

post recommends creating config variables to pull in at runtime instead of hard coding them into the code, that way our API keys are not sitting visible on the git

@ghost
Copy link

ghost commented Aug 15, 2019

i agree this is pretty important.

essentially how this would work is having everyone use a local process.env file that's blocked by .gitignore for local development and heroku has a configuration section for the variables as well. that way our info is safe.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request security A security-related issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sam-xif @schoobydrew