Require authentication on remote clients #988
Comments
I agree, for security reasons, by default ungit must only allow local addresses. How exactly do these options --allowedIPs and --authentication --users work? I tried:
But I obtain the following message:
Yes, this is very rudimentary and not pedantic at all, and we could introduce the ip npm module to do more precise matching. Simply put, it was a feature that wasn't used quite often so it was a bit neglected. I will fix it up soon if nobody touches it by the time I get to it.
From my point of view the main problem is a security issue: Ungit must bind by default on 127.0.0.1 and not 0.0.0.0
Oh wow, I thought it would default bind to 127.0.0.1 but I guess not. Has this changed or has it always been like this for the I think there is a better way to start the server with express now but will visit that later. @gigi206 you are right this did surprise me and I've totally missed your point. Is there anything else I could add?
No, just binding by default on 127.0.0.1 is good from my point of view :) You can check with lsof on Linux:
Actually you can see TCP *:8448 (LISTEN) and it must be TCP 127.0.0.1:8448 (LISTEN)
Or netstat on Windows:
Yeah it's all localhost for me now so that's good. Thanks!
Fixed in ungit 1.4.29 and made configurable in 1.4.30.
Let's say that my computer is connected to a local area network (such as wifi), my own ip address is 192.168.1.5 and ::ffff:192.168.1.5. I run ungit --port=8448 so every device in my LAN can go to http://192.168.1.5:8448 and edit my repo. I could just use --allowedIPs but it's more convenient to be able to access my repo from other devices.
Request
127.0.0.1
::1
::ffff:127.0.0.1
192.168.1.5
::ffff:192.168.1.5
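
One way to express the check this issue asks for, as an added example that is not ungit's own code: it assumes the addresses listed above are the ones to treat as local (no authentication) and that every other client must authenticate. The function names and the `OWN_ADDRESSES` list are hypothetical; in a real server the own-address list would come from `os.networkInterfaces()` and the remote address from `req.socket.remoteAddress`.

```javascript
// Added example, not ungit code. All names here are hypothetical.

// Reduce "::ffff:192.168.1.5" (IPv4-mapped IPv6) to "192.168.1.5" and drop
// any "%zone" suffix, so both spellings of one client compare equal.
function normalizeAddress(addr) {
  let a = String(addr).trim().toLowerCase();
  const zone = a.indexOf('%');
  if (zone !== -1) a = a.slice(0, zone);
  const mapped = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/.exec(a);
  return mapped ? mapped[1] : a;
}

// True for ::1 and for any well-formed address in 127.0.0.0/8.
function isLoopback(addr) {
  const a = normalizeAddress(addr);
  if (a === '::1') return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(a);
  if (!m) return false;
  if (m.slice(1).some((octet) => Number(octet) > 255)) return false;
  return Number(m[1]) === 127;
}

// Decide whether a client must authenticate. Anything that is not provably
// this machine (loopback or one of its own interface addresses) is remote.
function requiresAuthentication(remoteAddress, ownAddresses) {
  if (typeof remoteAddress !== 'string' || remoteAddress === '') {
    return true; // fail closed when the address is missing
  }
  if (isLoopback(remoteAddress)) return false;
  const remote = normalizeAddress(remoteAddress);
  // Exact comparison: 192.168.1.50 must not pass as 192.168.1.5.
  return !ownAddresses.some((own) => normalizeAddress(own) === remote);
}

// Constructed sample: the machine from the issue plus two other LAN devices.
const OWN_ADDRESSES = ['192.168.1.5'];
const SAMPLE_CLIENTS = [
  '127.0.0.1', '::1', '::ffff:127.0.0.1',
  '192.168.1.5', '::ffff:192.168.1.5',
  '192.168.1.23', '::ffff:192.168.1.50',
];

function classify(clients, ownAddresses) {
  return clients.map((c) => [c, requiresAuthentication(c, ownAddresses)]);
}

for (const [client, needsAuth] of classify(SAMPLE_CLIENTS, OWN_ADDRESSES)) {
  console.log(client.padEnd(22), needsAuth ? 'authenticate' : 'local');
}
```
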