Security issue?

Does anyone else see the irony here...

 

Lol thats pretty funny, I didn't catch that. Click the regenerate link and it will update with a unique one.

 

Oh I haven't used one yet. But that is good to note.

 

I don't understand.. unless if YourKeyHere is a real one?

 

It's a LAWL, thats not a real key.

 

What I'm getting at is: If you put your key in a url and that url is, in any way, available to the public, then you have given your key to the entire world.

 

And where in the above text do they suggest you send the link to anyone?

 

But you wouldn't. If you are doing that you are doing it wrong. There is absolutely nothing wrong with this here. This is very common practice. Facebook does, google does, lots of HTTP API's use this kind of key, that you make sure you keep private, by implementing it into a server script such as PHP. If you write an IFrame pointing to the API with your key, then you are begging for trouble and should stay away from programming.

So basically, nothing to see here, move along.

 

Also shell scripts that may use things like wget or curl can use this without too many problems.

 

Now that makes sense, I guess you can just keep that URL to yourself?

 

Alright. I admit I haven't even touch this yet … haven't needed to. And I did expect that bukkit wouldn't do something as ridiculous as I was implying. It just looked funny, and my second post was trying to explain why.

It's a joke guys, but good job at making it a teaching point.