Project

General

Profile

Actions

Feature #1415

closed

Let system administrator limit repositories valid sources

Added by Paul Rivier over 16 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
High
Category:
SCM
Target version:
Start date:
2008-06-09
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

As pointed out by Jean Philippe in #1393, users with project manager permissions can setup SCM sources to anything they want. IOW, if they know any valid path to a repository in the hosting system, they can read it. It can be a serious privacy issue.
I think we should take some time to discuss it here, and find an elegant way to fix it.
What do you think about this ?


Related issues

Related to Redmine - Feature #13038: Base path for filesystem repository adapterClosed

Actions
Related to Redmine - Feature #17164: file:/// repository insecureClosed

Actions
Has duplicate Redmine - Feature #10966: [SECURITY] Project Managers should not be able to choose an URL for a local repositoryClosed

Actions
Has duplicate Redmine - Defect #18291: Path property security issue when adding filesystem repositoryClosed

Actions
Actions

Also available in: Atom PDF