Security\Authentication
I’ve had a hard time determining why it didn’t ask me for credentials when remotely accessing the repository.
My scenario was http\\ using GitStack users and groups.
All was set up correctly, double checked, the user, the repository, no matter what I’ve tried, it kept working insecurely.
For example: “git clone http://1.2.3.4/repository_name” always succeeds without asking for user and password.
After investigating around and seeing that there has been a bug that allowed for insecure communication when you write the repository name without the extension (.git), I’ve found that the problem this time is with the CASE SENSITIVITY of the repository name.
So, if it is created like REPOSITORY_NAME and you use the name lowercase in your query, the server does not enforce the authentication.
It could be fixed in the configuration file of the repository:
C:\GitStack\apache\conf\gitstack\repositories’repository_name.conf
The regular expressions should be fixed to cater for case-insensitive repository names. I’ve done that inline by adding (?i):
^/(?i)REPOSITORY_NAME(\.git)?
This is GitStack 2.2.1 guys and I’m sure you’ve fixed the issue for the next revision?
Thanks.
asked July 26, 2012
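A check for the mismatch described in the question, added here as an example and not part of the original post or of GitStack: it tests whether an authentication pattern still matches case variants of a repository URL path. The LocationMatch directive layout, the sample configuration and all function names are assumptions made for illustration.

```python
import re

# Constructed sample; the directive layout is an assumption, not GitStack's actual file.
SAMPLE_CONF = r'''
<LocationMatch "^/REPOSITORY_NAME(\.git)?">
    Require valid-user
</LocationMatch>
'''
FIXED_CONF = SAMPLE_CONF.replace("^/", "^/(?i)")

DIRECTIVE = re.compile(r'<LocationMatch\s+"([^"]+)">')

def compile_pcre_like(pattern):
    """Compile an Apache (PCRE) pattern with Python's re module.

    Python rejects an inline (?i) that is not at the very start, so it is
    removed and applied as a flag. That is equivalent for these patterns
    because the text before it ("^/") contains no letters.
    """
    flags = re.IGNORECASE if "(?i)" in pattern else 0
    return re.compile(pattern.replace("(?i)", ""), flags)

def case_variants(path):
    """A few spellings that a case-insensitive filesystem treats as one path."""
    return {path, path.lower(), path.upper(), path.swapcase()}

def unprotected_variants(pattern, request_path):
    """Return the case variants of request_path the auth pattern does not match."""
    rx = compile_pcre_like(pattern)
    return sorted(v for v in case_variants(request_path) if not rx.match(v))

def audit(conf_text, repo_name):
    """Map each auth pattern in conf_text to the URL spellings it fails to cover."""
    path = "/" + repo_name + ".git"
    return {p: unprotected_variants(p, path) for p in DIRECTIVE.findall(conf_text)}

if __name__ == "__main__":
    for label, conf in (("original", SAMPLE_CONF), ("with (?i)", FIXED_CONF)):
        for pattern, missed in audit(conf, "REPOSITORY_NAME").items():
            print(label, pattern, "->", missed or "all variants covered")
```

An empty list for a pattern means every tested spelling of the path falls under the authentication rule.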
1 Answer