Hacker News new | past | comments | ask | show | jobs | submit login

You don't. You put it in a thought to be private place but you'll find out if it gets public at some point that way.



But why host it somewhere reachable at all?


It's a canary, it should ideally never be triggered but in case it does you want to know about.

Another way would be to put a fake user in your users database and then watch password leaks and see if it shows up. Then you know you've been breached. It should never happen but if it does it's good to know.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: