Is it safe to upload a website's code to github [closed]

Question

Closed. This question is opinion-based. It is not currently accepting answers.

---

Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.

Closed 8 years ago.

Improve this question

Assuming that all configuration data/db passwords etc. are hidden in configuration files that aren't under version control, what kind of security issues might posting a site's code on github/bitbucket cause (issues that aren't already present just by having a public site)? Also assume it is a non-trivial site that utilizes authentication and database interaction.

I have noticed a few sites on github and was wondering if it was a safe/unsafe practice.

Answer 1

Security by obscurity doesn't work.

If uploading the source code to GitHub reveals security issues you already had security issues. Hiding them by hiding your source code does very, very little to improve your security.

You may even receive bug reports and / or fixes, making your code more secure, not less. (Unless your site is high-profile, I wouldn't expect this, but it's possible.)

Of course, as you have already mentioned, your database credentials etc. should not be included in your repository.