Author Archives: g.pickardou

I do not understand how the standard practice to pass secrets as environment variables to containers considered as safe? [duplicate]

Posted on by

TL;DR
The container’s environment variable can be queried many ways, with native docker tools or 3rd party tools. The docker admin user (or any user in the docker group) not necessary dba on a container’s image, still can dump the root(mys… Continue reading I do not understand how the standard practice to pass secrets as environment variables to containers considered as safe? [duplicate]

Is there any safe way to use Windows Credential Manager’s generic credentials?

Posted on by

(note: VS Code is just an example, question is not specific to VS Code)
I would like to use Windows Credential Manager’s generic credentials, say store git passwords when using VS Code, so I have not forced to retype them every occasion wh… Continue reading Is there any safe way to use Windows Credential Manager’s generic credentials?

WP Mail new version asks for set *their* domain URL as Authorized redirect URI in my Google OAuth 2.0 Client Credential

Posted on by

Context
WP Mail is a WP plugin, and I want to set up it to send emails using my gmail account via gmail API.
So I’ve created a Google project, set it up, including the consent screen and a OAuth 2.0 Client IDs within my project. However WP… Continue reading WP Mail new version asks for set *their* domain URL as Authorized redirect URI in my Google OAuth 2.0 Client Credential

Is installation id secure enough to authenticate device’s user against a Web Service API?

Posted on by

…or interactively asking for password / or having some certificate is inevitable?

Context

My Android app wants to do secure transactions via my Web Service API. However I do not want to bother my user with asking/register… Continue reading Is installation id secure enough to authenticate device’s user against a Web Service API?