Status: New
Owner:
kpr...@google.com
Labels: Type-Defect Priority-Low Component-Build
New issue 1966 by
kpr...@google.com: test server should be more locked down
https://code.google.com/p/google-caja/issues/detail?id=1966
The web server started by 'ant runtests' / 'ant brserve' permits more than
it needs to:
* It allows access from the network. Localhost would be a better _default_.
* It serves all files in the project root, hence including .svn or .git. In
the event that network access is permitted, hiding .git would prevent
reading history information which could include undisclosed draft security
patches and such.
(Of course, if the server is accessible then the current files it's serving
show the current work as well, but VCS data is more slurpable.)
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings