I use Github for DaniWeb's code base. I was just wondering though. How secure is it? Would you ever store passwords or other sensitive information in Github (Don't worry. We use .gitignore.)? What about code that could be considered a trade secret, or that type of thing?
Dani 4,543 The Queen of DaniWeb Administrator Featured Poster Premium Member
rproffitt 2,693 https://5calls.org Moderator
Given the state of affairs in the USA, any security we thought we had is gone.
DOGE is gaining access by force now.
Do we really need this conversation?
Salem 5,248 Posting Sage
Given who owns github (M$), and their location (U$A), I wouldn't trust anything commercially sensitive with them.
Why do you even need it, apart from the simple convenience of it all (that's the trap, make the honeypot sweet enough, plenty will arrive). There's not much there that can't be replicated on a server machine you physically control.
How many people have commit rights on your codebase?
Every contributor has a complete copy of the entire git repo. So even if you lost everything, you can sync with any of your peers and be back up and running to the point of your last push.
Reverend Jim 5,179 Hi, I'm Jim, one of DaniWeb's moderators. Moderator Featured Poster
I don't trust any online service to store my information, sensitive or otherwise, other than whatever password I use to access a particular site. And I assume (mistake, probably) that they keep only the encrypted copy of the password. I saw an ad a while back (I think it was on Ask Woody) for a service that offered to keep all your financial information securely (yeah, right) so that your loved ones would have access in the event of your death.
"Extended warranty. How can I lose?" (Rob - you may have to dig a little for this one).
Dani 4,543 The Queen of DaniWeb Administrator Featured Poster Premium Member
There's not much there that can't be replicated on a server machine you physically control.
Redundancy in the cloud.
How many people have commit rights on your codebase?
Every contributor has a complete copy of the entire git repo. So even if you lost everything, you can sync with any of your peers and be back up and running to the point of your last push.
Just me. At different points in time over the past 20+ years, it has been a different combination of 3 people. (Narue aka deceptikon helped for a little bit many years ago, but he hasn't been around in years and years. And then there was a freelancer from Upwork that I recruited help from for a little bit a long time ago when I was feeling very overwhelmed with my workload.) These days, it's just me.
pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster
No sensitive info in any CVS. If I had a codebase such as DW, I'd store it in a local git store, synced to another machine of mine. No cloud.
Salem 5,248 Posting Sage
TBH, if it's "just me", then password protected tarballs of your .git directory, uploaded to one of the more trustworthy sites might be an option. I wouldn't touch google/onedrive with a barge-pole. Dropbox maybe at a pinch. Personally, I use https://mega.io/
If your DW hosting provider gives you access to filespace outside of the www root hosting daniweb.com, then that would seem to be a good place to store the archives.
pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster
Dani 4,543 The Queen of DaniWeb Administrator Featured Poster Premium Member
https://www.theregister.com/2025/03/17/supply_chain_attack_github/
Well that’s coincidental. Doesn’t seem to apply to our repo though because we don’t use tj-actions/changed-files and use private repos. More to say when I’m not on my phone.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.