Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Even though he isnt aware of it he has a point. I have several git-projects whose upstream is secured via keyfile. There are no passwords on those keys, a simple git push can upload changes. If you have a simple branch-system and the virus is sneaky enough this could work (e.g. add your malicious npm module to node projects)
Now i want to see a virus that exploits this ^^" -
nikmanG15287yThey’re probably looking at from a different angle but there is an argument to be made. If, for example, malicious code is added to your codebase and you unknowingly push it upstream, there could be potential issues. On websites if I link to a third party JS file, and their files got like coinhive pushed into it through set for process then potentially it could infect users through my site. Probably explained my thoughts like crap so sorry about that
-
py2js27657yHe is actually right. If you tell him that you have password protected push rights (ssh based) then okay otherwise it is a big worry for you.
Related Rants
-
cdrice105"You gave us bad code! We ran it and now production is DOWN! Join this bridgeline now and help us fix this!" ...
-
MoboTheHobo36My Friend: Dude our Linux Server is not working anymore! Me: What? What did you do? My friend: Nothing I swe...
-
tommy15Right now someone at Google is coding something useless for us to laugh at on April Fools.
Boss : How do you access code at home ?
Me : Well, Git is fairly accessible from anywhere with the right credentials at hand
Boss : What of you have virus in your system ? Can't the virus infect our NodeJS code ?
Since then, I haven't been able to get out of the mental comatose induced.
rant
nodejs
developer
bosses
idiots at work
fml