On Thu, Sep 16, 2010 at 08:09:47AM +0200, Sylvain Beucler wrote: > For commit access, I dislike granting Apache write access to all > repositories, because in that case any flaw in > Apache/Gitweb/CGit/etc. would allow the attacker to corrupt any > Savannah repositories.
More importantly, the article suggests using Basic Authentification. That sends the password unencrypted over the line, just base64-encoded, but anybody can decode that. So, it's a very bad idea to use that for sensible data. -- AKFoerster
