Hi Cord, Thank you for the heads up. We would like some more information about your setup since our default installs work with PostgreSQL. Would you be so kind to contact [email protected] as noted in https://about.gitlab.com/disclosure/ ?
Best regards, Sytse On Fri, Jun 20, 2014 at 3:57 PM, Cord Thomas <[email protected]> wrote: > This is a heads up to the developers. > > We've recently begun performing vulnerability scans / pen tests of gitlab to > ensure our instance of it is secure. FYI, it holds up fairly well. That > said, we recently froze our GL instance because our MySQL box ran out of > processes. It took a bit, but we realized ultimately that the pen tests, > which were intentionally abusing GL, were leaving ~30 sleeping processes > behind. I would love to get to the bottom of this, but we are not Ruby > developers so i figured someone at GitLab would be much better suited to > address this. i imagine you could use any online resource to run similar > pen tests to see where the sleeping processes might be coming from. One > good resource is OWASP. Another is > https://pentest-tools.com/vulnerability-scanning/web-server-scanner-nikto. > > Cord > > -- > You received this message because you are subscribed to the Google Groups > "GitLab" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/gitlabhq/fd7a5d1f-1ebf-4137-8e3e-c6094ba9b00e%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/CAEG31mP%2BP-bWVoBNArhAAJqCOYukOfuG%2BWK9e%2BVJggV9TXBp6A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
