Require authentication on remote clients #988
Comments
|
I agree, for security reasons, by default ungit must only allow local adresses. How exactly works these options --allowedIPs and --authentication --users ? I tried : But I obtain the following message : |
|
yes this is very rudimentary and not pedantic at all and we could introduce the ip npm module to do more precise matching. Simply put, it was a feature that wasn't used quite often so it was bit neglected. I will fix it up soon if no body touches it by the time I get to it. |
|
For my point of view the main problem is a security issue : Ungit must bind by default on 127.0.0.1 and not 0.0.0.0 |
|
Oh wow, I thought it would default bind to 127.0.0.1 but I guess not. Has this changed or has it always been like this for the I think there is a better way to start the server with express now but will visit that later. @gigi206 you are right this did surprise me and I've totally missed your point. Is there anything else I could add? |
|
No juste bind by default on 127.0.0.1 is good in my point of view :) You can check with lsof on linux : Actually you can see TCP *:8448 (LISTEN) and it must be TCP 127.0.0.1:8448 (LISTEN) Or netstat on Windows : |
|
Yeah it's all localhost for me now so that's good. Thanks! |
|
Fixed in ungit 1.4.29 and made configurable in 1.4.30. |
Let's say that my computer is connected to a local area network (such as wifi), my own ip address is
192.168.1.5and::ffff:192.168.1.5. I runungit --port=8448so every device in my LAN can go tohttp://192.168.1.5:8448and edit my repo. I could just use--allowedIPsbut it's more convenient to be able to access my repo from other devices.Request
127.0.0.1::1::ffff:127.0.0.1192.168.1.5::ffff:192.168.1.5The text was updated successfully, but these errors were encountered: