Sigh. Don't hardcode credentials in scripts, especially client-facing ones! If you must have credentials in plaintext on a file system, at least do something like PostgreSQL's pgpass file (and don't commit it to your version control system, or have it accessible via your web server!) with the appropriate user permissions set on it.
this post was submitted on 26 Mar 2026
25 points (100.0% liked)
Cybersecurity
9736 readers
86 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 2 years ago
MODERATORS
Remember when writing a client side JavaScript application all that code is transferred to the client machine and executed. Don't put any sensitive code or strings in that code.
Yep. Use free tools like gitguardian, gitleaks, etc. and run them in pre-commit hooks. Makes it a lot easier to catch.
And if you leak one by accident, change it immediately. There are bots trolling sites and repos for this information.