Konstantin Ryabitsev <konstan...@linuxfoundation.org> writes:
> On Wed, Dec 12, 2018 at 08:11:14PM +0100, Marco Pessotto wrote:
>>this is going to be a dumb question, but are there major concerns about
>>running CGit with the same user owning the repository? Ok, not
>>super-optimal, but is that acceptable?
>
> It's generally not something I'd advise. Of course, CGit does its best
> to remain secure and should not perform any write operations on the git
> repositories it serves. However, this means your defenses are 1 layer
> deep. If a sufficiently bad bug in CGit is found, your repositories are
> now exposed to tampering.
>
> It's best practice not to create systems protected by only one layer of
> defense, because bugs and deployment mistakes will inevitably result in
> security incidents given a long enough period of time. Adding extra
> protection such as different system users for writing and reading will
> help you hedge against such problems.

Thanks Konstantin for your advice, it seems the best thing to do indeed.

--
Marco
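
One way to check the reader/writer separation recommended above, as an added example that is not part of the original thread: a shell audit that lists every path in a repository tree the CGit account could modify. The function names and the numeric uid/gid arguments are assumptions of this example, and it inspects only owner, group and world permission bits (no ACLs or supplementary groups).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
#
# writable_by_reader REPO UID GID
#   REPO  root of the git repository (or a directory of repositories)
#   UID   numeric uid of the account the web server / CGit runs as
#   GID   numeric primary gid of that account
# Prints every path under REPO that the serving account could tamper with.
writable_by_reader() {
    repo=$1 uid=$2 gid=$3
    # Symlink mode bits are meaningless, so symlinks are skipped.
    # Ownership alone counts: an owner can always chmod the file back
    # to writable, so a repository owned by the serving account is exposed.
    find "$repo" ! -type l \( \
        -user "$uid" \
        -o \( -group "$gid" -perm -0020 \) \
        -o -perm -0002 \
    \) -print
}

# audit_repo REPO UID GID
#   Returns 0 when the serving account has no write path into REPO,
#   1 otherwise (findings are listed on stderr).
audit_repo() {
    findings=$(writable_by_reader "$@")
    if [ -n "$findings" ]; then
        printf 'modifiable by the serving account:\n%s\n' "$findings" >&2
        return 1
    fi
    return 0
}
```

Running `audit_repo` from cron or a deployment check against the real CGit uid and gid catches the deployment mistakes the reply mentions, such as a repository later re-created by the wrong account.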