| ▲ | mingus88 7 hours ago |
| It’s the key used by the attackers in the payload I think. So you publish it and a scanner will revoke it |
|
| ▲ | trees101 7 hours ago | parent | next [-] |
| oh I see, you're force-revoking someone else's key |
|
| ▲ | freakynit 3 hours ago | parent | prev [-] |
| Does this mean a program can be written to generate all possible api keys and upload to github thereby revoke everyone's access? |
| |
| ▲ | kylecazar 3 hours ago | parent [-] | | They are designed to be long enough that it's entirely impractical to do this. All possible is a massive number. | | |
| ▲ | freakynit 3 hours ago | parent [-] | | That's true tho... possible, but impractical. | | |
| ▲ | 2 hours ago | parent | next [-] | | [deleted] | |
| ▲ | cortesoft 2 hours ago | parent | prev [-] | | Only possible if you are unconstrained by time and storage. | | |
| ▲ | eru an hour ago | parent [-] | | Not only you, but GitHub too, since you need to upload. Storage is actually not much of a problem (on your end): you can just generate them on the fly. |
|
|
|
|
