[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-users] git "smart http" protocol
|
From: |
Andreas K. Foerster |
|
Subject: |
Re: [Savannah-users] git "smart http" protocol |
|
Date: |
Thu, 16 Sep 2010 11:50:09 +0200 |
|
User-agent: |
Mutt/1.5.20 (2009-06-14) |
On Thu, Sep 16, 2010 at 08:09:47AM +0200, Sylvain Beucler wrote:
> For commit access, I dislike granting Apache write access to all
> repositories, because in that case any flaw in
> Apache/Gitweb/CGit/etc. would allow the attacker to corrupt any
> Savannah repositories.
More importantly, the article suggests using Basic Authentification.
That sends the password unencrypted over the line, just base64-encoded,
but anybody can decode that. So, it's a very bad idea to use that for
sensible data.
--
AKFoerster
- [Savannah-users] git "smart http" protocol, Miles Bader, 2010/09/15
- Re: [Savannah-users] git "smart http" protocol, Sylvain Beucler, 2010/09/16
- Re: [Savannah-users] git "smart http" protocol,
Andreas K. Foerster <=
- [Savannah-users] Re: git "smart http" protocol, Miles Bader, 2010/09/16
- Re: [Savannah-users] Re: git "smart http" protocol, Sylvain Beucler, 2010/09/16
- Re: [Savannah-users] Re: git "smart http" protocol, Sylvain Beucler, 2010/09/16
- [Savannah-users] Re: git "smart http" protocol, Miles Bader, 2010/09/17
- Re: [Savannah-users] Re: git "smart http" protocol, Sylvain Beucler, 2010/09/17
- Re: [Savannah-users] Re: git "smart http" protocol, Miles Bader, 2010/09/17
- Re: [Savannah-users] Re: git "smart http" protocol, Sylvain Beucler, 2010/09/17
- Re: [Savannah-users] git "smart http" protocol, James Cloos, 2010/09/16