This repository has been archived by the owner on Sep 8, 2023. It is now read-only.
I have been a long-time user of Codiad and I love it, especially when combined with CodeGit.
However, I have stumbled into a potential security issue.
I have set up external LDAP authentication to protect my instance of Codiad. However, irrespective of which authentication source is used, it only protects Codiad's files. This authentication mechanism does not protect the project files in the workspaces.
I have tried to access some of my project's PHP scripts in the workspace area BASE_PATH/workspace/myproject/example.php and they work without having to log in using Codiad's login page.
Is this by design? Shouldn't the workspaces and projects be secured with Codiad's security/login mechanisms? After all they reside within Codiad. Is there something I'm missing?
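One way to close the gap described above at the web-server layer, as an added example that is not part of the original issue or of the Codiad project. It assumes Apache 2.4, uses the constructed path /var/www/codiad in place of BASE_PATH, and uses a placeholder LDAP URL.

```apache
# Added example. A request for /workspace/myproject/example.php is handled by
# the web server directly, so the application's login check is never involved.
# Access control for that directory therefore has to live in the server config.
# Use ONE of the two options below, not both.

# Option A: refuse every direct HTTP request for project files.
# This also blocks opening project scripts by URL on purpose.
<Directory "/var/www/codiad/workspace">
    Require all denied
</Directory>

# Option B: keep project files reachable by URL, but only after the web server
# itself has authenticated the user against LDAP.
# Requires mod_ldap and mod_authnz_ldap; serve over HTTPS, because Basic
# authentication sends the credentials with every request.
<Directory "/var/www/codiad/workspace">
    AuthType Basic
    AuthName "Codiad workspace"
    AuthBasicProvider ldap
    # Placeholder URL: replace host, base DN and attribute with your own.
    AuthLDAPURL "ldap://ldap.example.com/ou=people,dc=example,dc=com?uid"
    Require valid-user
</Directory>
```

After reloading the server, requesting a workspace URL from a browser session with no login should return 403 under Option A or 401 under Option B.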