[Esug-list] Repository (In)Security

Sean P. DeNigris sean at clipperadams.com
Sat Aug 22 14:51:14 EDT 2015


We were sitting here looking at some unencrypted network traffic and it hit
me - our StHub, SqS, and ss3 credentials are always unencrypted. This is a
tremendous security hole. Someone could grab the credentials of a more
prominent member of the community who has admin rights to many repos and
start uploading arbitrary Zip files with who-knows-what embedded.

SSL certificates are so cheap today. Will ESUG purchase them for our
community servers?

I personally have deleted all my private repos, and moved them to BitBucket,
which I can access via SSH, but it doesn't solve the problem because of
course any open source St project I load will open the floodgates!



-----
Cheers,
Sean