DEV Community

Kinga

Hacked by… Postman?

I was forking the “Microsoft Graph” collection on Postman recently, following the Use Postman with the Microsoft Graph API article.

Instead of clicking the link provided in the article, I made a quick search from the Postman app directly.
I could not believe my eyes…
I got a lot of results…

What’s so shocking about it?

It means that there are a lot of people who forked the collection into a public workspace. Most of these public workspaces also contain (publicly available) environments, and those environments are where all the details needed to authenticate are stored: tenant ID, client ID and client secret.

I am not sure it’s a great idea. 🙈

Please don’t do it.

Please ask your colleagues not to do it.

You may think nobody cares and nobody will notice, but… I did notice. And it’s not my job to hack people. But there are companies who do it for a living, professionally, and chances are they do pay close attention to our actions.
Don’t make their life so easy.
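As an added example (not from the post, and not Postman's own tooling), here is a small pre-publish check you can run over a Postman environment export before forking or sharing it: it flags credential-looking variables that still carry a value and can scrub them. The environment JSON is a constructed sample whose variable names mirror a Microsoft Graph environment, and the key pattern is an assumption you may need to widen.

```python
import json
import re

# Constructed sample of a Postman environment export (not a real workspace).
# Variable names mirror what a Microsoft Graph environment typically holds.
SAMPLE_ENVIRONMENT = json.dumps({
    "name": "Microsoft Graph (constructed sample)",
    "values": [
        {"key": "TenantID", "value": "00000000-0000-0000-0000-000000000000",
         "type": "default", "enabled": True},
        {"key": "ClientID", "value": "11111111-1111-1111-1111-111111111111",
         "type": "default", "enabled": True},
        {"key": "ClientSecret", "value": "placeholder-secret-value",
         "type": "default", "enabled": True},
        {"key": "UserName", "value": "", "type": "default", "enabled": True},
    ],
})

# Assumed pattern for variable names that must never hold a real value in a
# public workspace; extend it to match your own naming conventions.
SENSITIVE_KEY = re.compile(r"(secret|password|token|tenant.?id|client.?id)", re.IGNORECASE)


def find_leaks(environment_json: str) -> list[dict]:
    """Return credential-looking variables that hold a non-empty value.
    The preview is masked so the report itself does not re-leak the value."""
    env = json.loads(environment_json)
    findings = []
    for var in env.get("values", []):
        key, value = var.get("key", ""), str(var.get("value", "") or "")
        if not value or not SENSITIVE_KEY.search(key):
            continue
        findings.append({
            "key": key,
            "masked_as_secret": var.get("type") == "secret",
            "preview": value[:4] + ("..." if len(value) > 4 else ""),
        })
    return findings


def safe_to_publish(environment_json: str) -> bool:
    """True only when no flagged variable still carries a value."""
    return not find_leaks(environment_json)


def scrub(environment_json: str) -> str:
    """Return a copy of the export with every flagged value emptied and the
    variable switched to Postman's 'secret' type so the UI masks it."""
    env = json.loads(environment_json)
    for var in env.get("values", []):
        if SENSITIVE_KEY.search(var.get("key", "")):
            var["value"] = ""
            var["type"] = "secret"
    return json.dumps(env, indent=2)
```

Run `find_leaks` on an exported environment file before pushing the workspace public; an empty result is the bar to clear, and `scrub` gives you a copy that meets it.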
