Comments
-
dan-pud: I suppose it depends where you host it?
We host ours on GitHub and people can fork or clone but any change to the master branch has to be via pull request that only we can approve.
We've also set our CI up so that it doesn't run on PR raise (as we normally do) but only on merge so we make sure tests, etc. pass locally before approving anything.
-
Make sure all the secrets (passwords, salts, API keys) are using environment variables. This is the most common security breach in open source backend software.
-
@dan-pud That sounds like a good strategy. I hadn't thought of restricting PRs as being a barrier.
@Lor-inc Signing sounds like a good idea in general. Were you thinking those commits would be checked in CI?
-
@react-guy Absolutely. There's no way I'd ever forget that (even though Murphy's Law would dictate I will).
-
@react-guy @ScriptCoded Yes. Have a release keypair, stored safely in some secure place, that's exclusively used to approve releases and that's checked in CI. This way GitHub bugs can't grant someone prod access.
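
The release-key check described in the comment above, as an added example that is not part of the original thread or any commenter's code. It assumes releases are signed Git tags, that the CI runner's GnuPG keyring already holds the release public key, and that `PINNED_FPR` (a constructed placeholder) is that key's primary fingerprint; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: CI gate that accepts a release tag only when it is signed
# by the pinned release key. PINNED_FPR is a constructed placeholder.
PINNED_FPR="AAAABBBBCCCCDDDDEEEEFFFF0000111122223333"

# Reads GnuPG status lines on stdin. Succeeds only if the signature is good,
# no line marks the signature or key as bad, expired or revoked, and the
# primary-key fingerprint equals the pinned one ($1).
release_sig_ok() {
    [ -n "$1" ] || return 1
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "GOODSIG" { good = 1 }
        $2 == "VALIDSIG" {
            # Field 12 is the primary key; field 3 may be a signing subkey.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) pinned = 1
        }
        END { exit (good && pinned && !bad) ? 0 : 1 }
    '
}

# Verifies tag $1 against fingerprint $2 using the runner's keyring.
verify_release_tag() {
    # --raw prints GnuPG status lines on stderr; keep stderr, drop stdout.
    status=$(git verify-tag --raw "$1" 2>&1 >/dev/null) || return 1
    printf '%s\n' "$status" | release_sig_ok "$2"
}

# Constructed status output for a tag signed by the pinned key.
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000111122223333 Release Key <release@example.invalid>
[GNUPG:] VALIDSIG AAAABBBBCCCCDDDDEEEEFFFF0000111122223333 2024-01-01 1704067200 0 4 0 22 8 00 AAAABBBBCCCCDDDDEEEEFFFF0000111122223333
EOF
}

# In the deploy job: verify_release_tag "$TAG" "$PINNED_FPR" || exit 1
```

Pinning the fingerprint matters because a plain "signature is valid" result also passes for any other key that happens to be in the runner's keyring.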
We're a few guys developing an application that requires a server to orchestrate everything. We'd like to make everything within this project open source. Does anyone have any experience with open sourcing server side code which will interface with OAuth APIs and whatnot? How do you go about managing deploys? I'm mostly concerned with security here.
question
oss
backend
server side