ブランチの削除は恒久的で、元に戻すことはできません。 続行しますか?
ラベル
マイルストーン
担当者
担当者なし
1 人の参加者
期日
期日は未設定です。
依存関係
この課題に依存関係はありません。
読み込み中…
まだ内容がありません
ブランチ '%!s(MISSING)' の削除
By knowing the static url of a task file anyone can access the file without having read access to the project. The most straightforward way to mitigate this vulnerability is by using the NGINX module “ngx_http_secure_link_module” https://nginx.org/en/docs/http/ngx_http_secure_link_module.html
However, since this module only supports MD5, we will not recommend this solution. Ideally the vulnerability would have been mitigated using a third party package for NGINX: “ngx_http_hmac_secure_link_module” https://github.com/nginx-modules/ngx_http_hmac_secure_link_module
To enable this, the package would have to be included in NGINX before compilation, as of now the image uses a pre-compiled NGINX. Then gx_http_hmac_secure_link_module would enable use of temporarily secure links hashed with a secure hashing algorithm such as SHA256.