This repository has been archived by the owner on Sep 16, 2024. It is now read-only.
diags.php, suppress API keys in output #104
Comments
scomx
changed the title
|
I considered suppressing all API keys in addition to the ones that are currently suppressed, but decided against that as a helpful remote debugging aid when problems arise due to lack of data from DarkSky, WU/TWC or metar. Those keys connect to 'free' sources of data, and are easily changed if needed (if someone captures/misuses that key). The suppressed items of password to easyweathersetup.php and user/password to a mySQL database must be hidden to prevent miscreants from assuming control of the website. The diagnostic advantage for the API keys to remain shown outweigh (IMHO) the disadvantages of not having them shown for remote user assistance. Thanks for you kind words about the CU-HWS .. it's still a work in progress :) |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi Ken,
diags.php is a great check-up and debug tool but I'm not sure if showing API keys in the settings printout is a good idea? While hijacked API keys may not be a major issue (or an issue at all) I still believe these should be treated as sensitive/personal information.
Thanks for your awesome work on CU-HWS.
The text was updated successfully, but these errors were encountered: