mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

response

Browse source
This commit is contained in:
Joey Hess 2018-09-11 12:49:41 -04:00
parent 5e010fc85d
commit 172221ce4f
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
1 changed files with 19 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
doc/security/comment_2_261b1904e41f4566490b977010ce8734._comment Normal file
View file

@ -0,0 +1,19 @@
[[!comment format=mdwn
username="joey"
subject="""comment 2"""
date="2018-09-11T16:39:14Z"
content="""
@Ilya, it seems to me you could just configure your localhost webserver to
listen on one of the other localnet addresses (eg 127.0.0.2), and
only serve up the "safe" files on that address.
Then whitelist that address in git-annex.
That seems better than adding user-configured regexps to a security path.
(Worth noting that the example regexp you gave also matches port 808, probably
by accident! Regexps and security are often not the best combination.)
Also, I don't think it would be possible to implement anything that looks
at the whole url in the restricted Http Manager, since the http-client
library's interface does not provide the path being requested to the hook
that is built on.
"""]]