https://www.chenk.top/en/tags/ram/Recent content in RAM on Chen Kai BlogHugoenSun, 03 May 2026 09:00:00 +0000https://www.chenk.top/en/aliyun-fullstack/06-ram-security/Sun, 03 May 2026 09:00:00 +0000https://www.chenk.top/en/aliyun-fullstack/06-ram-security/<p>I once found a DashScope API key hardcoded in a public GitHub repo. It was mine. Someone had forked a demo I pushed months earlier, and the key was sitting in a config file I forgot to gitignore. By the time I noticed, the key had been used to generate 14,000 Qwen API calls in a single weekend. The bill was not catastrophic — DashScope per-token pricing is forgiving — but the lesson was. I had treated cloud security as something I would figure out later. &ldquo;Later&rdquo; arrived as a billing alert at 2 AM on a Sunday.</p>