Issue 1966 in google-caja: test server should be more locked down


googl...@googlecode.com

Apr 14, 2015, 12:57:01 PM
to google-ca...@googlegroups.com
Status: New
Owner: kpr...@google.com
Labels: Type-Defect Priority-Low Component-Build

New issue 1966 by kpr...@google.com: test server should be more locked down
https://code.google.com/p/google-caja/issues/detail?id=1966

The web server started by 'ant runtests' / 'ant brserve' permits more than
it needs to:

* It allows access from the network. Localhost would be a better _default_.

* It serves all files in the project root, hence including .svn or .git. In
the event that network access is permitted, hiding .git would prevent
reading history information which could include undisclosed draft security
patches and such.

(Of course, if the server is accessible then the current files it's serving
show the current work as well, but VCS data is more slurpable.)

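One way to apply both points from the report to a development file server, as an added example that is not part of the original issue and is not Caja's own test server code: it binds to loopback by default and answers 404 for any path containing a VCS metadata component. The names `is_blocked`, `LockedDownHandler` and `make_server`, and the `VCS_DIRS` list, are assumptions made for this example.

```python
import functools
import urllib.parse
from http import HTTPStatus
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

# VCS metadata directories that must never be served (assumed list).
VCS_DIRS = {".git", ".svn", ".hg"}


def is_blocked(request_path):
    """True if any decoded path component names a VCS metadata directory."""
    # Strip query and fragment the same way the stock handler does, then
    # decode once, so "%2Egit" and "//.git" are seen as the server sees them.
    path = request_path.split("?", 1)[0].split("#", 1)[0]
    path = urllib.parse.unquote(path).replace("\\", "/")
    for part in path.split("/"):
        # Case-insensitive filesystems map ".GIT" to ".git"; Windows also
        # ignores trailing dots and spaces in a component.
        if part.rstrip(". ").lower() in VCS_DIRS:
            return True
    return False


class LockedDownHandler(SimpleHTTPRequestHandler):
    def send_head(self):
        # send_head() backs both GET and HEAD, so one check covers both.
        if is_blocked(self.path):
            # 404 rather than 403: do not confirm that the directory exists.
            self.send_error(HTTPStatus.NOT_FOUND, "File not found")
            return None
        return super().send_head()


def make_server(root, host="127.0.0.1", port=0):
    """Static server for `root`; loopback is the default, not 0.0.0.0."""
    handler = functools.partial(LockedDownHandler, directory=root)
    return ThreadingHTTPServer((host, port), handler)


if __name__ == "__main__":
    server = make_server(".", port=8000)
    print("serving on http://%s:%d/" % server.server_address[:2])
    server.serve_forever()
```

Network access then has to be requested explicitly by passing a different `host`, and the VCS filter still applies when it is.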