Re: Git cvsserver serious issue

On Thu, Sep 23, 2010 at 17:32, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>
>
> On 09/23/2010 11:18 AM, Magnus Hagander wrote:
>>
>> On Thu, Sep 23, 2010 at 17:16, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us>  wrote:
>>>
>>> Magnus Hagander<magnus(at)hagander(dot)net>  writes:
>>>>
>>>> So, I found (with some helpful hints from Robert who caught the final
>>>> nail in the coffin) a good reason why we really can't run a
>>>> git-cvsserver globally.
>>>> Any user can point their cvs client at the repository. And check out
>>>> an arbitrary branch, tag *or individual commit*. Doing so will create
>>>> a 50Mb sqlite database on the server with cache information about that
>>>> head.
>>>
>>> I'm still wondering why we don't simply lobotomize git-cvsserver to
>>> refuse requests to check out anything except the active branch tips.
>>> It's only a Perl script.  I could probably hack it in an hour,
>>> there are those here who could do it in ten minutes.
>>
>> Yeah, that would not be a bad idea - if someone can do it who feels
>> comfortable doing it :-)
>>
>> I could probably hack it up as well, but I wouldn't trust myself to
>> have convered all the bases.
>>
>
> Are we sure that's going to stop the DOS issue?

As long as it's done right, I don't see how it wouldn't.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/