But that's why I said the test stage. Supposedly there is a step that runs for e... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		pvinis on May 15, 2019 \| parent \| context \| favorite \| on: Ask HN: Is stealing a password that easy? But that's why I said the test stage. Supposedly there is a step that runs for every single PR. A lot of open source project have something like that too, where it's a lint checker or unit test runner or whatever.

lm28469 on May 15, 2019 [–]

You shouldn't be able to compromise `prod` from the `test` stage.

pvinis on May 15, 2019 | [–]

Tell that to the CIs with no env var scoping.

But yes, I get what you mean. It seems so weird to me that this scenario can be done.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact