New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

添加gitalk密钥后github提示GitHub OAuth App Keys exposed on GitHub #138

Open

tylzh97 opened this issue Sep 6, 2021 · 1 comment

tylzh97 commented Sep 6, 2021

请问将OAuth App的密钥直接暴露在仓库中_config.yaml是安全的么？

Owner

mzlogin commented Sep 6, 2021

以前有人提过类似的问题，#96

我的看法：

按我的理解，认证的时候回调地址是配置成自己的域名的，自己域名下的内容是归自己可控的。
这样其它人无法用这个信息通过认证并用作其它用途，所以应该还好。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment