Timeline for how safe/sane is it to use git for deployment on my webapp production server?
Current License: CC BY-SA 3.0
6 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| May 2, 2013 at 12:12 | comment | added | Brian Knoblauch | The update security isn't what I was warned about. The issue was with having the version control files on a box that can be accessed from the Internet. Something about being able to glean details from it that can be used to form an attack on either the exposed system and/or the dev computers? I really wish I could find the details again. I didn't keep track of them, I just walked away with the knowledge that there's no safe way (at that time, about a year ago) to allow version control deployment to servers exposed to the open Internet. :-) | |
| May 1, 2013 at 20:33 | comment | added | Luke | That said, every kind of automatic publishing system is to be designed carefully, especially if it will be used by other people, since human-related insecurity is often the key factor, the weakest ring of the chain... | |
| May 1, 2013 at 20:32 | comment | added | Luke | Well, if you use cvs without any kind of security, I am with you.. But if you use some strong way to authenticate (using encrypted channels and certificate-based authentication) I think things are quite more secure... For instance to publish to an azure site you first have to generate a security certificate, with which the system will know who you are when your client connects.. Consider that certificates are way stronger than a (often simple) password... | |
| May 1, 2013 at 20:13 | comment | added | Brian Knoblauch | I'm surprised that's something that hosting sites would do. I've always been told (by security minded folk) that it's a disastrous security hole and should never be done. :-) | |
| May 1, 2013 at 16:55 | review | First posts | |||
| May 1, 2013 at 16:56 | |||||
| May 1, 2013 at 16:36 | history | answered | Luke | CC BY-SA 3.0 |