
Re: [Savannah-users] git "smart http" protocol


From: Andreas K. Foerster
Subject: Re: [Savannah-users] git "smart http" protocol
Date: Thu, 16 Sep 2010 11:50:09 +0200
User-agent: Mutt/1.5.20 (2009-06-14)

On Thu, Sep 16, 2010 at 08:09:47AM +0200, Sylvain Beucler wrote:

> For commit access, I dislike granting Apache write access to all
> repositories, because in that case any flaw in
> Apache/Gitweb/CGit/etc. would allow the attacker to corrupt any
> Savannah repositories.

More importantly, the article suggests using Basic Authentication.
That sends the password unencrypted over the line, just base64-encoded,
but anybody can decode that. So, it's a very bad idea to use that for
sensitive data.

-- 
AKFoerster
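
The point made in the message above, as an added example that is not part of the original post: the value of an HTTP Basic `Authorization` header decodes back to the user name and password with no key at all, so a request that carries it without TLS exposes the password. The host name, credentials and function names are constructed for illustration.

```python
import base64
import binascii

# Constructed sample request headers (not taken from the thread).
SAMPLE_HEADERS = {
    "Host": "git.example.org",
    "Authorization": "Basic " + base64.b64encode(b"alice:s3cret:pw").decode("ascii"),
}


def decode_basic(header_value):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # base64 is an encoding, not encryption: no secret is needed here.
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    text = raw.decode("utf-8", errors="replace")
    # The user name cannot contain ':', so everything after the first
    # colon belongs to the password.
    user, sep, password = text.partition(":")
    if not sep:
        return None
    return user, password


def exposes_password(url_scheme, headers):
    """True when Basic credentials would cross the wire without TLS."""
    value = next(
        (v for k, v in headers.items() if k.lower() == "authorization"), None
    )
    if value is None or decode_basic(value) is None:
        return False
    return url_scheme.lower() != "https"


if __name__ == "__main__":
    print(decode_basic(SAMPLE_HEADERS["Authorization"]))
    print(exposes_password("http", SAMPLE_HEADERS))
    print(exposes_password("https", SAMPLE_HEADERS))
```
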


