[Vulnerability] Visible github token
Hi,
I just observed that the Dataiku interface keeps the GitHub token visible when cloning a plugin from a remote repository (see below).
For security purposes, is it possible to hide it as it already exists when setting up the remote branch in plugin development mode (see below)?
Thanks in advance,
Thomas
Operating system used: Windows
Answers
-
Alexandru Dataiker, Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 1,226 Dataiker
Hi @thomaslprru,
It would be better if you can open a support ticket so we can better track this question.
You don't have to use the credentials/token in the remote origin URL directly. You should use SSH Keys or cached https credentials instead. Various options are detailed here:
https://stackoverflow.com/questions/46645843/where-to-store-my-git-personal-access-token
-
tgb417 Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS ML Practitioner, Dataiku DSS Core Concepts, Neuron 2020, Neuron, Registered, Dataiku Frontrunner Awards 2021 Finalist, Neuron 2021, Neuron 2022, Frontrunner 2022 Finalist, Frontrunner 2022 Winner, Dataiku Frontrunner Awards 2021 Participant, Frontrunner 2022 Participant, Neuron 2023 Posts: 1,598 Neuron
Once you figure out what you think the best approach is for this, I'd love to hear what you conclude the best approach would be.
-
thomaslprru Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 10 ✭
Hi,
Thanks for the answers. I decided to use https credentials cache because it was the easiest method to implement.
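
Added example (not part of the thread and not Dataiku's code): a shell script for the approach recommended above, which finds remotes whose HTTPS URL embeds a token, rewrites them to the credential-free URL, and sets a git credential helper so the secret is stored outside the URL. The function names, the sample remotes and the token placeholder are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep tokens out of git remote URLs.

# Succeeds if an http(s) URL carries userinfo ("token@" or "user:token@").
url_has_credentials() {
  printf '%s\n' "$1" | grep -Eq '^https?://[^/@]+@'
}

# Print the URL with the userinfo part removed; other URLs pass through unchanged.
strip_url_credentials() {
  printf '%s\n' "$1" | sed -E 's#^(https?://)[^/@]+@#\1#'
}

# Read "remote.<name>.url <url>" lines on stdin, as printed by
#   git config --get-regexp '^remote\..*\.url$'
# and print "<name> <credential-free url>" for each offending remote.
# The secret itself is never echoed.
audit_remote_lines() {
  while read -r key url; do
    name=${key#remote.}
    name=${name%.url}
    if url_has_credentials "$url"; then
      printf '%s %s\n' "$name" "$(strip_url_credentials "$url")"
    fi
  done
}

# Rewrite offending remotes in repository $1, then set credential helper $2
# (default "cache", git's in-memory helper) so the token lives outside the URL.
fix_repo() {
  git -C "$1" config --get-regexp '^remote\..*\.url$' | audit_remote_lines |
    while read -r name clean; do
      git -C "$1" remote set-url "$name" "$clean"
    done
  git -C "$1" config credential.helper "${2:-cache}"
}

# Constructed sample input; the token is a placeholder, not a real value.
demo() {
  printf '%s\n' \
    'remote.origin.url https://CONSTRUCTED_TOKEN@github.com/example/plugin.git' \
    'remote.mirror.url git@github.com:example/plugin.git' | audit_remote_lines
}

# With a repository path as argument, fix it; with no argument, run the demo.
if [ "$#" -gt 0 ]; then fix_repo "$@"; else demo; fi
```

A token that was already stored in a remote URL or shown on screen should be rotated after the remote is rewritten, since removing it from the URL does not invalidate it.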