106
Postman is logging all your secrets and environment variables
(anonymousdata.medium.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 19 May 2025
106 points (98.2% liked)
Web Development
3958 readers
3 users here now
Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development
What is web development?
Web development is the process of creating websites or web applications
Rules/Guidelines
- Follow the programming.dev site rules
- Keep content related to web development
- If what you're posting relates to one of the related communities, crosspost it into there to help them grow
- If youre posting an article older than two years put the year it was made in brackets after the title
Related Communities
- !html@programming.dev
- !css@programming.dev
- !uiux@programming.dev
- !a11y@programming.dev
- !react@programming.dev
- !vuejs@programming.dev
- !webassembly@programming.dev
- !javascript@programming.dev
- !typescript@programming.dev
- !nodejs@programming.dev
- !astro@programming.dev
- !angular@programming.dev
- !tauri@programming.dev
- !sveltejs@programming.dev
- !pwa@programming.dev
Wormhole
Some webdev blogs
Not sure what to post in here? Want some web development related things to read?
Heres a couple blogs that have web development related content
- https://frontendfoc.us/ - [RSS]
- https://wesbos.com/blog
- https://davidwalsh.name/ - [RSS]
- https://www.nngroup.com/articles/
- https://sia.codes/posts/ - [RSS]
- https://www.smashingmagazine.com/ - [RSS]
- https://www.bennadel.com/ - [RSS]
- https://web.dev/ - [RSS]
founded 2 years ago
MODERATORS
My company banned the use of postman for a few years now.
If it requires a login, you can be sure it is scraping everything it can.
Mine finally did too at the end of last year! Apparently they had checked Postman back in the day when it didn't require a login and deemed it fine, but totally missed their move into being a cloud service. I had to prod the Cloud Service Security guy for months until he finally took a look at it
@lorty @webdev you ever run into issues/cases where a third-party you integrate with sends you a Postman collection and expects you to use it for testing?
Not from a third party, but I did have to adapt a lot of collections to use on Insomnia. It does allow importing from the postman v3 collection format, but it's a bit hit or miss on wether it works 100%. I had a few problems with sequential requests, but they were easy enough to fix in my case.
If it's just for testing, I'd try that. If they require Postman it for validation purposes, then there really isn't much you can do.