some guy on the Internet

the network engineer fears the backhoe, and the systems engineer fears the network engineer

GitHub Third-Party Application Access


My buddy Phil recently encountered an interesting example of unintended consequences by starting down the (initially nonthreatening) path of trying to integrate a third-party site with a GitHub organization. It turns out the default access control configuration of a GitHub organization allows any member of the organization to grant third-party apps access to the data in that organization.

Go back and read that again.

Then read Phil’s writeup for some more details. This gives me plenty to think about.
