[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-users] Re: git "smart http" protocol
|
From: |
Miles Bader |
|
Subject: |
[Savannah-users] Re: git "smart http" protocol |
|
Date: |
Thu, 16 Sep 2010 21:00:16 +0900 |
"Andreas K. Foerster" <address@hidden> writes:
>> For commit access, I dislike granting Apache write access to all
>> repositories, because in that case any flaw in
>> Apache/Gitweb/CGit/etc. would allow the attacker to corrupt any
>> Savannah repositories.
>
> More importantly, the article suggests using Basic Authentification.
> That sends the password unencrypted over the line, just base64-encoded,
> but anybody can decode that. So, it's a very bad idea to use that for
> sensible data.
Anyway, even just read-only mode would be a great improvement over the
old http protocol.
-miles
--
Somebody has to do something, and it's just incredibly pathetic that it
has to be us. -- Jerry Garcia
- [Savannah-users] git "smart http" protocol, Miles Bader, 2010/09/15
- Re: [Savannah-users] git "smart http" protocol, Sylvain Beucler, 2010/09/16
- Re: [Savannah-users] git "smart http" protocol, Andreas K. Foerster, 2010/09/16
- [Savannah-users] Re: git "smart http" protocol,
Miles Bader <=
- Re: [Savannah-users] Re: git "smart http" protocol, Sylvain Beucler, 2010/09/16
- Re: [Savannah-users] Re: git "smart http" protocol, Sylvain Beucler, 2010/09/16
- [Savannah-users] Re: git "smart http" protocol, Miles Bader, 2010/09/17
- Re: [Savannah-users] Re: git "smart http" protocol, Sylvain Beucler, 2010/09/17
- Re: [Savannah-users] Re: git "smart http" protocol, Miles Bader, 2010/09/17
- Re: [Savannah-users] Re: git "smart http" protocol, Sylvain Beucler, 2010/09/17
- Re: [Savannah-users] git "smart http" protocol, James Cloos, 2010/09/16