Hi, I think we found a security flaw with git http smart backend. We are running git version 1.0.7.4 on our server. Adding random words after the password and the authentication still succeeds. It's very easy to reproduce, say the username is ivan and the password is the word secret: % git pull Username: ivan Password: secretfoo Already up to date. Pull succeeds although the password is wrong! Can someone try to reproduce with a more up to date git server? -- Ivan Kanis http://ivan.kanis.fr -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html