Hi Cord,

Thank you for the heads up. We would like some more information about
your setup since our default installs work with PostgreSQL. Would you
be so kind to contact [email protected] as noted in
https://about.gitlab.com/disclosure/ ?

Best regards,
Sytse


On Fri, Jun 20, 2014 at 3:57 PM, Cord Thomas <[email protected]> wrote:
> This is a heads up to the developers.
>
> We've recently begun performing vulnerability scans / pen tests of gitlab to
> ensure our instance of it is secure.   FYI, it holds up fairly well.  That
> said, we recently froze our GL instance because our MySQL box ran out of
> processes.  It took a bit, but we realized ultimately that the pen tests,
> which were intentionally abusing GL, were leaving ~30 sleeping processes
> behind.   I would love to get to the bottom of this, but we are not Ruby
> developers so i figured someone at GitLab would be much better suited to
> address this.  i imagine you could use any online resource to run similar
> pen tests to see where the sleeping processes might be coming from.  One
> good resource is OWASP.  Another is
> https://pentest-tools.com/vulnerability-scanning/web-server-scanner-nikto.
>
> Cord
>
> --
> You received this message because you are subscribed to the Google Groups
> "GitLab" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/gitlabhq/fd7a5d1f-1ebf-4137-8e3e-c6094ba9b00e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"GitLab" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/gitlabhq/CAEG31mP%2BP-bWVoBNArhAAJqCOYukOfuG%2BWK9e%2BVJggV9TXBp6A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to