Deleting a branch is permanent. It CANNOT be undone. Continue?
標籤
里程碑
Assignees
No Assignees
1 參與者
Due Date
No due date set.
Dependencies
This issue currently doesn't have any dependencies.
Loading…
尚未有任何內容
Delete Branch '%!s(MISSING)'
By knowing the static url of a task file anyone can access the file without having read access to the project. The most straightforward way to mitigate this vulnerability is by using the NGINX module “ngx_http_secure_link_module” https://nginx.org/en/docs/http/ngx_http_secure_link_module.html
However, since this module only supports MD5, we will not recommend this solution. Ideally the vulnerability would have been mitigated using a third party package for NGINX: “ngx_http_hmac_secure_link_module” https://github.com/nginx-modules/ngx_http_hmac_secure_link_module
To enable this, the package would have to be included in NGINX before compilation, as of now the image uses a pre-compiled NGINX. Then gx_http_hmac_secure_link_module would enable use of temporarily secure links hashed with a secure hashing algorithm such as SHA256.