1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 09:42:41 +01:00
phorge-phorge/src/applications/repository
epriestley 7145587df7 Lock down some config options
Summary:
This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular:

  - Fix some typos.
  - Lock down some options which would potentially let a rogue administrator do something sketchy.
    - Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email.
    - Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities.

Test Plan:
  - Read through config options.
  - Tried to think about how to do evil things with each one.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8928
2014-05-01 10:23:49 -07:00
..
application Ship "Repositories" create button to new Diffusion workflow 2013-10-29 15:32:39 -07:00
conduit Use "\z" instead of "$" to anchor validating regular expressions 2014-03-13 12:42:41 -07:00
constants Build an early multi-step repository create form 2013-07-14 07:37:17 -07:00
controller Fix Create New Repository link on Repositories 2014-02-16 20:12:09 -08:00
customfield Add a "tags" field to Diffusion commit 2014-03-12 11:30:52 -07:00
daemon Implement smart waits for rarely updated repositories 2014-04-16 13:01:04 -07:00
data Allow Git and Mercurial repositories to be cloned with names in the URI 2014-01-30 11:42:25 -08:00
editor Minor, fix a constant in PhabricatorRepositoryEditor 2014-03-26 10:45:48 -07:00
engine Make discovery slightly cheaper in the common case 2014-04-16 13:00:38 -07:00
mail Allow users to receive email about pushes via Herald 2014-03-26 13:51:15 -07:00
management Separate repository updates from the pull daemon 2014-04-16 13:00:29 -07:00
phid Don't show document types in search for uninstalled applications 2014-04-29 15:01:50 -07:00
query Provide an "event" page for push logs, which shows details on all events in a given push 2014-03-26 13:51:09 -07:00
response Accept and route VCS HTTP requests 2013-10-29 15:32:40 -07:00
search Various linter fixes. 2014-02-26 12:44:58 -08:00
storage Unfatal rendering of repository policy transactions 2014-04-29 10:57:32 -07:00
worker Make the hard limit on the number of files showing in Herald emails a constant. 2014-05-01 07:37:26 -07:00
PhabricatorRepositoryConfigOptions.php Lock down some config options 2014-05-01 10:23:49 -07:00