Repository Security - Andre Masella

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Andre Masella <andre@masella.no-ip.org>
To: git@vger.kernel.org
Subject: Repository Security
Date: Mon, 22 Jan 2007 14:33:11 -0500	[thread overview]
Message-ID: <200701221433.13257.andre@masella.no-ip.org> (raw)

I've been using git for a while and really like it, but I have a concern about 
security.

As I understand it, none of the repository backends allow any per-user 
per-branch access control. SSH and HTTP come the closest with the right 
hooks, but since the repository is writeable by those users, there is little 
to stop them from changing the repository directly.

If this is truly the case, I was thinking of creating something similar to 
SVN's Apache plugin to provide more sophisticated access control. I'm leaning 
toward the HTTP remote (transport? backend? What's the right term?) because 
Apache can do many kinds of authentication. I could also make the HTTP less 
dumb, if I had a better idea what that might involve. This could also be a 
way to solve the requests for remote repository creation I see in the survey.

So, before I start, I would like to get ideas from others...or be told this is 
a waste of time. Thanks.
-- 
--Andre Masella (andre at masella.no-ip.org)

next             reply	other threads:[~2007-01-22 19:54 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-01-22 19:33 Andre Masella [this message]
2007-01-22 20:53 ` Repository Security Shawn O. Pearce
2007-01-23 13:23   ` Andre Masella
2007-01-22 23:46 ` Martin Langhoff
2007-01-23  9:41 ` Johannes Schindelin
2007-01-23 13:23   ` Andre Masella
2007-01-23 14:29     ` Johannes Schindelin
2007-01-23 15:00     ` Andy Parkins
2007-01-23 11:06 ` Jakub Narebski
2007-01-23 13:23   ` Andre Masella
2007-01-23 21:38     ` Johannes Schindelin
2007-01-24  9:31     ` Andreas Ericsson
2007-01-23 16:18   ` Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200701221433.13257.andre@masella.no-ip.org \
    --to=andre@masella.no-ip.org \
    --cc=git@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).