Uber, Github and You’ve got to be kidding me

In major goof, Uber stored sensive database key on public Github page.

via Ars Technica.

Disclosure: I have a Github account, on which I have stored very little. However, I do have a project going in the background to build a terminology database which will be mega simple (I like command lines) and which will have a MySQL database and an interactive Python script to get at the contents of the MySQL database. However, one thing which has exercised my mind is a reminder to myself that when I promote all this to Github (as I might in case anyone else wants a simple terminology database) to ensure that I remove my own database keys.

But this is not a corporate product, or any sort of corporate code. Nobody’s personal data will be impacted if I forget (which I won’t).

In the meantime, Uber, which is probably the highest profile start up, which has money being flung at it right left and centre by venture capitalists, managed to put a database key up on Github.

I don’t understand this. Why is Uber database related information anywhere near Github anyway? If they are planning to sell this as a product, why would you put anything related to it on an open repository?

I like the idea of an online repository for my own stuff. I don’t actually love Github but it’s easy enough to work with and, a bit like Facebook, everyone uses it. But that doesn’t mean any corporate site should allow access to unless they are open sourcing some code and even then, any such code really should be checked to ensure it doesn’t present any risk to the corporate security of the company.

Database keys in an open repo: there really is no excuse for this regardless of whether you’re a corporate or an individual.