it's easy to scan for publicly known services, really difficult to understand if... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		htrp 46 days ago \| parent \| context \| favorite \| on: Home Depot GitHub token exposed for a year, grante... it's easy to scan for publicly known services, really difficult to understand if a random string that says key somewhere is actually a random internal api key

hurturue 46 days ago [–]

which is why a lot of services now prefix they keys with a fixed string like pat_, sk_,

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact