From: | Jon Bright |
Subject: | Re: [Monotone-devel] Suggestion: Use wildcards for specifying collections |
Date: | Fri, 15 Apr 2005 14:40:03 +0200 |
User-agent: | Mozilla Thunderbird 1.0.2 (Windows/20050317) |
Nathaniel Smith wrote:
> Can you elaborate on these scp/sftp issues? I'm not quite following why I should be nervous about letting the other side run regexp matching on my behalf.
With SCP/SFTP, there was additionally the issue about the remote side effectively gaining the ability to create arbitrarily-named files on your side (at least within your current directory). Monotone doesn't have this, but the server would have the ability to arbitrarily decide which branches fit your regexp and fill up your DB. Not critical, and I can't think of any worse consequences of it - but if possible, keeping the decisions about what goes into my DB on my client's side seems like good practice... it's more of a feeling thing than a specific vulnerability.
--
Jon Bright
Silicon Circus Ltd.
http://www.siliconcircus.com
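
The client-side decision described in the message above, as an added example that is not part of the original e-mail or of Monotone's code: the client re-runs the wildcard match itself on every branch name the server offers and keeps only the names that fit. The function names, the glob syntax (Python's `fnmatch`) and the sample branch names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample: branch names a server claims match the client's request.
OFFERED_BY_SERVER = [
    "com.example.project",
    "com.example.project.win32",
    "com.example.project.win32",   # duplicate offer
    "org.unrelated.huge-history",  # does not fit what was asked for
]


def partition_offers(patterns, offered):
    """Split server-offered branch names into (accepted, rejected).

    The match is done locally, so the server's opinion about what fits
    the pattern never decides what is written to the local database.
    """
    accepted, rejected, seen = [], [], set()
    for name in offered:
        if name in seen:
            continue  # ignore repeated offers of the same branch
        seen.add(name)
        if any(fnmatchcase(name, p) for p in patterns):
            accepted.append(name)
        else:
            rejected.append(name)
    return accepted, rejected


def branches_to_pull(patterns, offered, strict=True):
    """Return the branches the client will store.

    strict=True aborts the whole pull if the server offers anything
    outside the request; strict=False silently drops the extras.
    """
    accepted, rejected = partition_offers(patterns, offered)
    if strict and rejected:
        raise ValueError(f"server offered branches outside request: {rejected}")
    return accepted


if __name__ == "__main__":
    wanted = ["com.example.project", "com.example.project.*"]
    print(partition_offers(wanted, OFFERED_BY_SERVER))
```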