[darcs-users] suggestion: each push should identify its target repo internally

John Meacham john at repetae.net
Wed Aug 13 19:39:21 UTC 2003


Ack, I wouldn't want references to paths on my system to escape.

In any case, it seems clear that there would be security issues if the
client were allowed to specify arbitrary paths or modify the URL
parameter to something which is not exported.

The solution I am thinking of is a config file, where you explicitly
list (public URL, internal path to repository, allowed_keys) triples.
This file is what would be passed as an option to darcs-patcher, and it
would use it to resolve where incoming patches should go and bounce any
that refer to an invalid URL. I think trying to interpret the value as
anything other than a key in a lookup table would lead to possible
security issues.

This also makes setting up new repositories very simple: no need to mess
with procmail or whatnot, just add a new entry to this file and export
your repository.

        John

-- 
---------------------------------------------------------------------------
John Meacham - California Institute of Technology, Alum. - john at foo.net
---------------------------------------------------------------------------
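
An added illustration of the lookup-table approach described in the message above (not code from the post or from darcs). The config layout, key identifiers, URLs and function names are all assumptions made for the example.

```python
# Added example: resolve a push target purely by table lookup.
# File format, names and sample values are assumptions, not darcs-patcher's.
from typing import NamedTuple

class Export(NamedTuple):
    path: str                 # internal repository path, never echoed to the sender
    allowed_keys: frozenset   # identifiers of keys permitted to push here

class Bounce(Exception):
    """The incoming patch must be rejected."""

# Constructed sample config: one triple per line, whitespace separated,
# allowed keys comma separated.
SAMPLE_CONFIG = """\
# public URL                    internal path     allowed keys
http://example.org/repos/foo    /srv/darcs/foo    AAAA1111,BBBB2222
http://example.org/repos/bar    /srv/darcs/bar    CCCC3333
"""

def load_exports(text):
    """Parse the triples into a dict keyed by the exact public URL."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields")
        url, path, keys = fields
        if url in table:
            raise ValueError(f"line {lineno}: duplicate URL")
        table[url] = Export(path, frozenset(keys.split(",")))
    return table

def resolve(table, target_url, signer_key):
    """Return the internal path for a push, or raise Bounce."""
    # Exact-match lookup only: the client's value is never normalised,
    # prefix-matched or joined onto a directory, so "../" tricks, raw
    # filesystem paths and unexported URLs all simply miss the table.
    entry = table.get(target_url)
    if entry is None:
        raise Bounce("unknown repository")  # message reveals no local path
    if signer_key not in entry.allowed_keys:
        raise Bounce("key not allowed for this repository")
    return entry.path
```
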