Google Verification Code Stored in a Public GitHub Repository

Question

Google Verification Code Stored in a Public GitHub Repository

Closed this issue 6 years ago · 4 comments

Your Google site verification code is completely visible and easily accessed by any person viewing this repository. This is a security flaw, and you may wish to fix it.

Of course it is up to you what you do with your verification code, but I would highly suggest taking it off of the repo.

Answer 1 · 2018-11-30T01:45:12.000Z

Yeah, that is true. I suppose when I started the site I wasn't too worried about people messing with my Google information, but now that I have a bit more traffic it is more of a problem. Thanks for your concern and bringing it to my attention.

…

On Thu, Nov 29, 2018, 8:32 PM Caleb H. ***@***.*** wrote: Your Google site verification code is completely visible and easily accessed by any person viewing this repository. This is a security flaw, and you may wish to fix it. Of course it is up to you what you do with your verification code, but I would highly suggest taking it off of the repo. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#2>, or mute the thread <https://github.com/notifications/unsubscribe-auth/APcmwktyoWKzGFIr1R261syyF2v4QrgPks5u0IqVgaJpZM4Y61od> .

Answer 2 · 2018-11-30T01:56:39.000Z

I'm not sure how you could get it out of the repo history now that it has been committed?

(I've ran into similar scenarios in the past and have been uncertain on how to wipe out any traces of it in the commit history).

Answer 3 · 2018-11-30T02:16:44.000Z

I'll try to help by making a pull request.

Answer 4 · 2018-11-30T11:26:49.000Z

This issue should be resolved. I deleted the verification code and created a new one with my domain provider. The old code should be out of date and the new one is safely out of sight. Again, thanks so much for bringing this to my attention.