Restricting third party access for lxml github org?

Hey lxmlers,

I recently found out that older organizations by default grant third party access to any github OAuth application that a user has enabled. This means that if any of such applications is compromised, this organization is open for attack. I therefore would recommend we go amend that here:

https://github.com/organizations/lxml/settings/oauth_application_policy <https://github.com/organizations/fanstatic/settings/oauth_application_policy>

I don't think it has huge consequences as you can selectively enable those applications you trust after that, but I figured people using this org should be aware before it's enabled.

Regards,

Martijn

Hi Martijn!

Martijn Faassen wrote on 25.01.22 at 11:11:
> Hey lxmlers,
> I recently found out that older organizations by default grant third party access to any github OAuth application that a user has enabled. This means that if any of such applications is compromised, this organization is open for attack. I therefore would recommend we go amend that here:
> https://github.com/organizations/lxml/settings/oauth_application_policy
> I don't think it has huge consequences as you can selectively enable those applications you trust after that, but I figured people using this org should be aware before it's enabled.

Good call. I enabled that setting. If anything stops working unexpectedly, that was me. :)

Stefan

participants (2)
- Martijn Faassen
- Stefan Behnel