savannah-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-users] Re: git "smart http" protocol


From: Miles Bader
Subject: [Savannah-users] Re: git "smart http" protocol
Date: Thu, 16 Sep 2010 21:00:16 +0900

"Andreas K. Foerster" <address@hidden> writes:
>> For commit access, I dislike granting Apache write access to all
>> repositories, because in that case any flaw in
>> Apache/Gitweb/CGit/etc. would allow the attacker to corrupt any
>> Savannah repositories.
>
> More importantly, the article suggests using Basic Authentification.
> That sends the password unencrypted over the line, just base64-encoded,
> but anybody can decode that. So, it's a very bad idea to use that for
> sensible data.

Anyway, even just read-only mode would be a great improvement over the
old http protocol.

-miles

-- 
Somebody has to do something, and it's just incredibly pathetic that it
has to be us.  -- Jerry Garcia




reply via email to

[Prev in Thread] Current Thread [Next in Thread]