"Andreas K. Foerster" <[email protected]> writes: >> For commit access, I dislike granting Apache write access to all >> repositories, because in that case any flaw in >> Apache/Gitweb/CGit/etc. would allow the attacker to corrupt any >> Savannah repositories. > > More importantly, the article suggests using Basic Authentification. > That sends the password unencrypted over the line, just base64-encoded, > but anybody can decode that. So, it's a very bad idea to use that for > sensible data.
Anyway, even just read-only mode would be a great improvement over the old http protocol. -miles -- Somebody has to do something, and it's just incredibly pathetic that it has to be us. -- Jerry Garcia
