1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-22 21:40:55 +01:00
No description
Find a file
epriestley 2c7be52fc2 Lock phabricator.show-prototypes
Summary:
Two goals:

  - If an attacker compromises an administrator account (without compromising the host itself), they can currently take advantage of vulnerabilities in prototype applications by enabling the applications, then exploiting the vulnerability. Locking this option requires CLI access to enable prototypes, so installs which do not have prototypes enabled have no exposure to security issues in prototype applications.
  - Making this very slightly harder to enable is probably a good thing, given the state of the world and support.

Test Plan: Verified that web UI shows the value is locked and instructs the user to update via the CLI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10993
2014-12-15 11:00:20 -08:00
bin Add bin/worker flood, for flooding the task queue with work 2014-11-24 11:10:15 -08:00
conf Configuration - re-jigger how we handle bad configuration files 2014-10-06 13:20:56 -07:00
externals Update Stripe PHP API 2014-07-13 09:19:07 -07:00
resources Allow repositories to be bound to an AlmanacService 2014-12-12 12:07:11 -08:00
scripts Minor linter fixes 2014-12-09 18:37:32 +11:00
src Lock phabricator.show-prototypes 2014-12-15 11:00:20 -08:00
support Minor formatting changes 2014-10-08 08:39:49 +11:00
webroot Transactions - change show all key from "~" to "@" 2014-12-12 11:23:56 -08:00
.arcconfig Update .arclint in Phabricator for phutil-library lint 2014-05-12 06:01:30 -07:00
.arclint Update the quickstart.sql 2014-11-07 12:29:24 -08:00
.editorconfig Specify config for text editors 2012-11-03 22:34:44 -07:00
.gitignore Implement storage of a host ID and a public key for authorizing Conduit between servers 2014-10-03 22:52:41 +10:00
LICENSE Delete license headers from files 2012-11-05 11:16:51 -08:00
NOTICE Update Phabricator NOTICE file to reflect modern legal circumstances 2014-06-25 13:42:13 -07:00
README Reformat README as Remarkup 2014-07-16 22:10:36 +10:00

Phabricator is an open source collection of web applications which help
software companies build better software.

Phabricator includes applications for:

  - reviewing and auditing source code;
  - hosting and browsing repositories;
  - assembling a party to venture forth;
  - tracking bugs;
  - hiding stuff from coworkers; and
  - also some other things.

You can learn more about the project (and find links to documentation and
resources) [[http://phabricator.org/ | here]].

Phabricator is developed and maintained by [[http://phacility.com/ |
Phacility]]. The first version of Phabricator was originally built at Facebook.

= LICENSE =
Phabricator is released under the Apache 2.0 license except as otherwise noted.