Re: security flaw with smart http

Junio C Hamano <gitster@xxxxxxxxx> wrote:

> Shawn Pearce <spearce@xxxxxxxxxxx> writes:
>
>> On Fri, Jun 22, 2012 at 3:12 AM, Ivan Kanis <ivan.kanis@xxxxxxxxxxxxxx> wrote:
>>> I think we found a security flaw with git http smart backend. We are
>>> running git version 1.0.7.4 on our server. Adding random words after the
>>> password and the authentication still succeeds.
>>
>> git http-backend does not handle authentication or authorization. This
>> is handled in your web server. You should consult your web server's
>> documentation, and maybe its configuration files.
>
> Very good advice.

In case someone is reading this thread I confirm the problem comes from
Apache.
-- 
Ivan Kanis, Release Manager, Vision Objects,

Evil is a mule: it is stubborn and sterile.
    -- Victor Hugo