From: Andreas Ericsson <ae@op5.se>
To: Git Mailing List <git@vger.kernel.org>
Subject: Re: The git protocol and DoS
Date: Thu, 20 Oct 2005 10:16:45 +0200 [thread overview]
Message-ID: <4357526D.2000807@op5.se> (raw)
In-Reply-To: <20051019222044.GP30889@pasky.or.cz>
Petr Baudis wrote:
> Dear diary, on Wed, Oct 19, 2005 at 10:00:05PM CEST, I got a letter
> where "H. Peter Anvin" <hpa@zytor.com> told me that...
>
>>One way to do this would be to start the transaction by having the
>>server transmit a cookie to the client, and to require the client to
>>send a SHA1 of the (cookie + request) together with the request. This
>>would be done with a fairly short timeout.
>
>
> If (well, it sounds like a good idea, so rather "when") you do this,
> it would be a good idea to do in a way that makes it easy to later add
> support for some kind of authentication (really, not everyone wants to
> give away ssh accounts). Let's say it works like:
>
> [client] git-upload-pack <path>
> [server] challenge somethingnonsensical
> [client] challenge-response <username>:sha1(somethingnonsensical<password>)
> [server] All right, the pack goes like this...
>
> Suddenly you have support for hopefully secure authentication, and at
> the same time you have the cookie implemented in backwards-compatible
> fashion (in the sense that new client will be able to talk to old
> server) - just assume the username and password empty. This might be
> even hardcoded for now, just leave a room for its addition (in an
> elegant and compatible way) in the protocol, please.
>
I think git-daemon would be better off without this, since
* A project rarely grants write access to the central repo (or whatever
git has, I'm still fairly new to it) without being willing to give out
ssh access, often limited by the ssh command whitelist.
* It's hard to do right.
* Passwords are never as secure or as convenient as public key
authentication and there's no point in spending a lot of time
re-inventing ssh.
--
Andreas Ericsson andreas.ericsson@op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
prev parent reply other threads:[~2005-10-20 8:16 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-19 20:00 The git protocol and DoS H. Peter Anvin
2005-10-19 20:50 ` Junio C Hamano
2005-10-19 20:55 ` H. Peter Anvin
2005-10-19 21:06 ` Junio C Hamano
2005-10-19 21:59 ` H. Peter Anvin
2005-10-19 21:31 ` Linus Torvalds
2005-10-19 21:54 ` Junio C Hamano
2005-10-19 22:01 ` H. Peter Anvin
2005-10-19 22:20 ` Petr Baudis
2005-10-19 22:39 ` Tony Luck
2005-10-20 0:20 ` David Brown
2005-10-20 8:16 ` Andreas Ericsson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4357526D.2000807@op5.se \
--to=ae@op5.se \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).