some guy on the Internet

the network engineer fears the backhoe, and the systems engineer fears the network engineer

GitHub Third-Party Application Access

| Comments

My buddy Phil recently encountered an interesting example of unintended consequences by starting down the (initially nonthreatening) path of trying to integrate a third-party site with a GitHub organization. It turns out the default access control configuration of a GitHub organization allows any member of the organization to grant third-party apps access to the data in that organization.

Go back and read that again.

Then read Phil’s writeup for some more details. This gives me plenty to think about.