mirror of https://we.phorge.it/source/phorge.git synced 2024-11-18 12:52:42 +01:00
epriestley a15f07cc33 Allow Phabricator to be configured to use a public Reply-To address
Summary:
We already support this (and Facebook uses it) but it is difficult to configure
and you have to write a bunch of code. Instead, provide a simple flag.

See the documentation changes for details, but when this flag is enabled we send
one email with a reply-to like "D2+public+23hf91fh19fh@phabricator.example.com".
Anyone can reply to this, and we figure out who they are based on their "From"
address instead of a unique hash. This is less secure, but a reasonable tradeoff
in many cases.

This also has the advantage over a naive implementation of at least doing object
hash validation.

@jungejason: I don't think this affects Facebook's implementation but this is an
area where we've had problems in the past, so watch out for it when you deploy.
Also note that you must set "metamta.public-replies" to true since Maniphest now
looks for that key specifically before going into public reply mode; it no
longer just tests for a public reply address being generatable (since it can
always generate one now).

Test Plan:
Swapped my local install in and out of public reply mode and commented on
objects. Got expected email behavior. Replied to public and private email
addresses.

Attacked public addresses by using them when the install was configured to
disallow them and by altering the hash and the from address. All this stuff was
rejected.

Reviewed By: jungejason
Reviewers: moskov, jungejason, tuomaspelkonen, aran
CC: aran, epriestley, moskov, jungejason
Differential Revision: 563
2011-07-03 12:31:00 -07:00
bin Improve CLI script for account creation and document account/reg setup process 2011-05-12 18:44:53 -07:00
conf Allow Phabricator to be configured to use a public Reply-To address 2011-07-03 12:31:00 -07:00
externals Skip attaching 'inline' text attachments 2011-06-12 22:38:57 -07:00
resources Allow Maniphest tasks to be filtered by Project 2011-06-29 21:56:47 -07:00
scripts Install "mysql-server" in the RHEL-derivatives script 2011-06-30 12:17:10 -07:00
src Allow Phabricator to be configured to use a public Reply-To address 2011-07-03 12:31:00 -07:00
support/aphlict Aphlict, simple notification server 2011-05-17 10:32:41 -07:00
webroot Improve search result listing 2011-06-29 13:25:38 -07:00
.arcconfig Bring Javelin into Phabricator via git submodule, not copy-and-paste 2011-05-08 13:20:10 -07:00
.divinerconfig Update Arcanist documentation. 2011-06-26 11:52:10 -07:00
.gitignore Gitignore additions 2011-06-10 12:59:15 -04:00
.gitmodules Just change the location. 2011-05-28 15:14:54 -07:00
CHANGELOG Allow Maniphest tasks to be filtered by Project 2011-06-29 21:56:47 -07:00
README Add a roadmap document and update the README. 2011-06-29 09:38:03 -07:00

Phabricator is an open source collection of web applications which make it easier
to write, review, and share source code. Phabricator was developed at Facebook.

This is an early release. It's pretty high-quality and usable, but under
active development so things may change quickly.

You can learn more about the project and find links to documentation and
resources at: http://phabricator.org/

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.
http://www.apache.org/licenses/LICENSE-2.0