When SXXT happens, it's time to change your password.
How so? Yesterday, I happily committed my code, which is for backing up layout templates for blogs on Blogger.com. After committing done, I saw my Google password when switched back to editor. Anyone who is in normal mental state would loudly yell with "SXXT!" or "FXXK!". I did. I forgot to empty the strings, which have my gmail and password before committed. Actually, I thought I did, because I got prompted for my email and password, therefore I believed that I had emptied two strings. Obviously, I didn't.
The Subversion repository is at Google Code hosting. I deleted the project (sort of making project private) and requested a reset to my repository. Meanwhile, I used svnsync to retrieve all revisions to my computer. After resetted, I tried to sync back without the idiot revision, but I can't get the job done. Later, I manually re-committed the rest of revisions.
From this incident, I have learnt:
- Never allow to put password or other sensitive contents in source, must use a configuration file with secured permission in home directory or similar way if needed
- Always check status and diff before committing
- Always grep the diff before committing
- If SXXT still happens, do not reset if there is only one password involved. Changing the password, instead, would be much easier; and removing the SXXT and committing again
When SXXT happens, you can appreciate it for reminding you of changing password and the opportunity to have new blog post to share your SXXT mood.
0 comments:
Post a Comment