[Fusionforge-general] Gitweb access to private repos

Thorsten Glaser t.glaser at tarent.de
Mon Feb 24 10:16:06 CET 2014


On Tue, 18 Feb 2014, Sylvain Beucler - Inria wrote:

> Attached is a proof-of-concept for reusing the gforge session cookie, with the
> .ini files chgrp'd to www-data.

******* DO NOT DO THAT!!! *******

There is a reason these files are *not* readable for www-data.

> > I'm toying with granting gitweb access to private Git repositories.

https://evolvis.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=evolvis-platfrm/ff-priv-scm.git

Hm. IIRC I wrote about this to the mailing list already, especially
asking for more testers, but can’t find the eMail on the list archives.

Please do review ;-) I’ve looked at it, and it’s “ugly” but it works,
and I tried very hard to not introduce any security flaws.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg



More information about the Fusionforge-general mailing list