Re: CGI script for self-administering password in svnserve passwd files

From: David Glasser <glasser_at_davidglasser.net>
Date: Wed, 9 Apr 2008 14:38:36 -0700

jik pinged me again about his script.

It strikes me as a useful script, but I am concerned that in a
relatively cursory scan of his first draft I found several serious
security holes. While our standard for contrib scripts is low, I do
worry about distributing insecure CGIs in our tarball. He fixed
everything I pointed out, but I haven't gotten a chance to look at his
latest version, and more eyes is better.

I do think that it would be a useful thing to have in contrib, but I'd
be much more comfortable if somebody else did a security audit first.

--dave

2008/3/27 Jonathan Kamens <jonathan.kamens_at_tamalesoftware.com>:
> Actually, there was a bug in the version I just sent out, which I
> realized while walking to the bus :-). Attached is a fixed version.
>
> jik
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
> For additional commands, e-mail: dev-help_at_subversion.tigris.org
>

-- 
David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org

Received on 2008-04-09 23:38:47 CEST

This message: [ Message body ]
Next message: Ben Collins-Sussman: "Re: performance enhancement by working copy svn server"
Previous message: C. Michael Pilato: "Re: Tweaking 1.5.x's Mergeinfo (Was: svn commit: r30390 - branches/1.5.x)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]