A software developer who is trying to sell products to businesses, software on which those businesses would rely, admits to creating an "ugly mess" of "spaghetti code ... full of shortcuts and hacks" and to embedding security credentials in the SCM.
I wish you no ill will, but goodness, talk about an anti-ad for your products.
Creds should be outside the SCM, and there are varying levels of "best practice" - vaults, environment variables of CI servers, text files with strict permissions outside the SCM, etc.
You would be surprised how many businesses run on equally bad or worse code. At least I'm honest about it.
Your tips are true but not very helpful. I know it's bad or I wouldn't call it an ugly mess. I have better practices nowadays regarding credentials but all my projects always spiral out of control some way or another. If it's not this it's something else but I'm never proud of my code.
I wish you no ill will, but goodness, talk about an anti-ad for your products.
Creds should be outside the SCM, and there are varying levels of "best practice" - vaults, environment variables of CI servers, text files with strict permissions outside the SCM, etc.