Postman is logging all your secrets and environment variables
a year ago
- #Privacy
- #Postman
- #Ethics
- Postman logs all secrets and environment variables, making it unsuitable for healthcare applications due to privacy concerns.
- Charles Proxy was instrumental in uncovering Postman's logging practices, revealing extensive data collection.
- Postman sends unencrypted environment variables and secrets to its servers, regardless of whether they are marked as 'secret'.
- The tool's claim to protect sensitive data is contradicted by its logging practices.
- The article calls for ethical considerations in software development, highlighting the lack of a Hippocratic Oath for developers.