I’m working on some examples of remote execution just as an experiment where a remote user can essentially run arbitrary code on that Glitch instance.
They could effectively nuke everything on the Glitch, which is okay (the workflow is to load it from GitHub into a Glitch and play around with it).
One thing I want to verify though is that any private information for a user won’t be leaked.
Nothing will be placed in .data, but are there any other files, directories, etc. that are stored in a Glitch instance that could contain private data?
The access tokens for linking to GitHub are not stored in the actual Glitch instance, right?
Are there any environment variables exposing sensitive data beyond what the
Looks like at least one to be aware of is that the PROJECT_INVITE_TOKEN is exposed in an instance.
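
One way to check the environment-variable part of this question from the project's own terminal, as an added example that is not part of the original post: the script lists variable names that look sensitive and prints only the value length, so the output can be shared safely. The name patterns and the sample values are assumptions constructed for illustration, not a list published by Glitch.

```shell
#!/bin/sh
# Added example: report environment variable NAMES that look sensitive,
# never their values. The patterns below are assumptions.

# Reads NAME=value lines on stdin (the format printed by `env`) and prints
# "NAME (<n> chars)" for every name matching a sensitive-looking pattern.
audit_env_names() {
    while IFS= read -r line; do
        case "$line" in
            *=*) ;;
            *) continue ;;                   # continuation of a multi-line value
        esac
        name=${line%%=*}
        value=${line#*=}
        case "$name" in
            *[!A-Za-z0-9_]*|'') continue ;;  # not a valid variable name
        esac
        upper=$(printf '%s' "$name" | tr '[:lower:]' '[:upper:]')
        case "$upper" in
            *TOKEN*|*SECRET*|*PASSWORD*|*PASSWD*|*KEY*|*CREDENTIAL*|*AUTH*)
                printf '%s (%s chars)\n' "$name" "${#value}"
                ;;
        esac
    done
}

# Constructed sample input; the values are made up.
sample_env() {
    cat <<'EOF'
PATH=/usr/bin:/bin
PROJECT_INVITE_TOKEN=constructed-0000
HOME=/app
my_api_key=constructed-1111
EOF
}

# Default: run on the constructed sample. Pass --live to audit the real
# environment of the process that would launch the remote user's code.
if [ "${1:-}" = "--live" ]; then
    env | audit_env_names
else
    sample_env | audit_env_names
fi
```

Anything this reports with `--live` is readable by code running in the same instance, so treat each listed name as exposed to the remote user.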