| commit | be23710aafb9ce026a25272cb07826fd10361e87 | |
| author | Stefan Sperling <stsp@stsp.name> | |
| Mon, 6 May 2024 17:41:34 +0000 (6 17:41 +0000) | ||
| committer | Thomas Adam <thomas@xteddy.org> | |
| Mon, 6 May 2024 21:33:52 +0000 (6 22:33 +0100) | ||
| tree | 2e26bc758d06c7876fa4a61950d3fde78645651e | treesnapshot (tar.gz zip) |
| parent | caee5476c9a132618334bc76e9e8dd53191dba1c | commitdiff |
don't leak the existence of gotd repositories to unrelated user accounts
In particular, this prevents anonymous user accounts from discovering
the existence of other private repositories served by gotd by correctly
guessing the name of a private repository. They still wouldn't have read
or write access but in some cases even knowledge about the existence of
a particular repository could be cause for concern.
ok op@
In particular, this prevents anonymous user accounts from discovering
the existence of other private repositories served by gotd by correctly
guessing the name of a private repository. They still wouldn't have read
or write access but in some cases even knowledge about the existence of
a particular repository could be cause for concern.
ok op@
| gotd/auth.c | diffblobblamehistory | |
| regress/gotd/Makefile | diffblobblamehistory | |
| regress/gotd/repo_read_access_denied.sh | diffblobblamehistory | |
| regress/gotd/repo_write_readonly.sh | diffblobblamehistory |