
Kinga

Hacked by… Postman?

I was forking the “Microsoft Graph” collection on Postman recently, following the Use Postman with the Microsoft Graph API article.

Instead of clicking the link provided in the article, I made a quick search from the Postman app directly.
I could not believe my eyes…
I got a lot of results…

What’s so shocking about it?

It means that there are a lot of people who forked the collection to a public workspace. Most of these public workspaces also contain (publicly available) environments. They are used to store all the details needed to authenticate: tenant ID, client ID and secret.

I am not sure it’s a great idea. 🙈

Please don’t do it.

Please ask your colleagues not to do it.

You may think nobody cares and nobody will notice, but… I did notice. And it’s not my job to hack people. But there are companies who do it for a living, professionally, and chances are they do pay close attention to our actions.
Don’t make their life so easy.
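
One way to check an environment before it goes anywhere near a shared or public workspace, as an added example that is not part of the original post: the script reads an exported Postman environment file and reports credential-like variables that still carry a literal value. It assumes the export layout with a `values` list of `key`/`value`/`type` entries; the variable names, the name pattern and the sample data are constructed for illustration.

```python
import json
import re

# Name patterns for variables that usually hold credentials (assumed heuristic).
SENSITIVE = re.compile(r"secret|password|token|client.?id|tenant", re.I)

# Constructed sample of an exported environment; every value is fake.
SAMPLE_ENV = json.dumps({
    "name": "Graph environment (constructed)",
    "_postman_variable_scope": "environment",
    "values": [
        {"key": "ClientID", "value": "00000000-0000-0000-0000-000000000000",
         "type": "default", "enabled": True},
        {"key": "ClientSecret", "value": "constructed-fake-secret",
         "type": "default", "enabled": True},
        {"key": "TenantID", "value": "", "type": "default", "enabled": True},
        {"key": "AppAccessToken", "value": "{{token}}",
         "type": "secret", "enabled": True},
        {"key": "baseUrl", "value": "https://graph.microsoft.com",
         "type": "default", "enabled": True},
    ],
})

def audit_environment(raw):
    """Return findings for credential-like variables holding a literal value."""
    env = json.loads(raw)
    findings = []
    for var in env.get("values", []):
        key = str(var.get("key", ""))
        value = str(var.get("value") or "").strip()
        if not SENSITIVE.search(key):
            continue
        # Empty values and pure {{placeholder}} references leak nothing.
        if not value or re.fullmatch(r"\{\{[^{}]+\}\}", value):
            continue
        # Report the length only, never the value itself.
        findings.append({"key": key, "type": var.get("type", "default"),
                         "length": len(value)})
    return findings

def safe_to_share(raw):
    """True only when no credential-like variable is populated."""
    return not audit_environment(raw)

if __name__ == "__main__":
    for f in audit_environment(SAMPLE_ENV):
        print(f"{f['key']}: populated ({f['length']} chars, type={f['type']})")
```

Any variable the script reports should be emptied before sharing, and a secret that has already sat in a public workspace should be rotated.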
