DEV Community

Kinga
Hacked by… Postman?

I was forking the “Microsoft Graph” collection on Postman recently, following the Use Postman with the Microsoft Graph API article.

Instead of clicking the link provided in the article, I made a quick search from the Postman app directly.
I could not believe my eyes… I got a lot of results…

What’s so shocking about it?

It means that there are a lot of people who forked the collection to a public workspace. Most of these public workspaces also contain (publicly available) environments. They are used to store all the details needed to authenticate: tenant ID, client ID and secret.

I am not sure it’s a great idea. 🙈

Please don’t do it.

Please ask your colleagues not to do it.

You may think nobody cares and nobody will notice, but… I did notice. And it’s not my job to hack people. But there are companies who do it for a living, professionally, and chances are they do pay close attention to our actions.
Don’t make their life so easy.
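One practical way to act on this advice is to scan a Postman environment export for credential-like variables that still hold a literal value before the workspace or the exported file is shared. The following is an added example and not code from the original post or from Postman; it assumes Postman's environment export layout (a top-level `values` list of objects with `key`, `value`, `type` and `enabled`), and the name patterns, placeholder list and sample environment are constructed for the demonstration.

```python
"""Pre-share check for Postman environment exports.

Added example (not code from the original post): flags variables in a
Postman environment JSON whose name looks like a credential and whose
value is a real literal rather than a placeholder or a {{reference}}.
The JSON layout assumed here is Postman's environment export format:
a top-level "values" list of {"key", "value", "type", "enabled"} objects.
"""
import json
import re

# Variable names that in an OAuth / Microsoft Graph setup hold secrets.
# This pattern list is an assumption; extend it for your own naming scheme.
SENSITIVE_KEY_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"secret", r"password", r"token", r"api[_-]?key", r"private[_-]?key")
]

# Values that are obviously placeholders rather than real credentials.
PLACEHOLDER_VALUES = {"", "<insert>", "your_secret_here", "changeme", "xxx"}


def is_sensitive_key(key: str) -> bool:
    """True when the variable name suggests it carries a credential."""
    return any(p.search(key) for p in SENSITIVE_KEY_PATTERNS)


def looks_like_real_value(value) -> bool:
    """True when the value is a literal, not a placeholder or a {{variable}} reference."""
    if not isinstance(value, str):
        return False
    v = value.strip()
    if v.lower() in PLACEHOLDER_VALUES:
        return False
    # {{name}} is Postman variable indirection, not a literal secret.
    if v.startswith("{{") and v.endswith("}}"):
        return False
    return True


def find_leaked_secrets(environment: dict) -> list:
    """Return (key, reason) pairs for variables that must not be published.

    Disabled variables are checked too: the export still contains their value.
    """
    findings = []
    for var in environment.get("values", []):
        key = var.get("key", "")
        if not is_sensitive_key(key):
            continue
        if not looks_like_real_value(var.get("value")):
            continue
        # Postman's "secret" type only masks the value in the UI; the exported
        # JSON still carries it in clear text, so the type alone protects nothing.
        if var.get("type") == "secret":
            reason = "secret-type variable still holds a literal value in the export"
        else:
            reason = "credential-like variable holds a literal value"
        findings.append((key, reason))
    return findings


# Constructed sample export, shaped like a Graph collection environment.
# The GUIDs and the secret are dummy values for the demonstration.
SAMPLE_ENVIRONMENT = json.loads("""
{
  "name": "Microsoft Graph - sample",
  "values": [
    {"key": "TenantID", "value": "00000000-0000-0000-0000-000000000000", "type": "default", "enabled": true},
    {"key": "ClientID", "value": "11111111-1111-1111-1111-111111111111", "type": "default", "enabled": true},
    {"key": "ClientSecret", "value": "dummy-secret-value-for-demo", "type": "secret", "enabled": true},
    {"key": "UserAccessToken", "value": "{{AccessToken}}", "type": "default", "enabled": true},
    {"key": "RefreshToken", "value": "", "type": "secret", "enabled": false}
  ]
}
""")

if __name__ == "__main__":
    for key, reason in find_leaked_secrets(SAMPLE_ENVIRONMENT):
        print(f"BLOCK: {key}: {reason}")
```

Run it against `postman_environment.json` exports in a pre-commit hook or before clicking "public" on a workspace; anything it reports should be moved out of the export (for example left blank and supplied locally) before sharing. Tenant and client IDs are deliberately not flagged here because they are identifiers rather than secrets, but the pattern list is easy to widen if your policy treats them as confidential.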


