Currently, the WindowsUserService will automatically add all users from the BUILTIN\Administrators
group as repository admins. However, this is a potential security threat as the domain
admins and other local admin groups will automatically get complete control over the
repository.
It would be very nice if this default behavior can be disabled at config time, for
example, using an option in the gitblit.properties.
This will require a minor change in com.gitblit.auth.WindowsAuthProvider (line 162)
to implement.
Reported by ventsi84 on 2013-12-19 14:05:01
Well, in general yes but it also requires proactive modifications to the webapp on the
server which are easier to track.
However, by implicitly giving admin access to the repositories to all local admins (including
domain admins), anyone with such access can simply log in to the web UI and do everything.
In the best case, such an event will be logged to gitblit logs which may not be actively
monitored...
Originally reported on Google Code with ID 354
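
An added example, not part of the original issue and not Gitblit's own code: one way the requested opt-out could look, with the implicit BUILTIN\Administrators grant off by default, admins named explicitly, and every group-based decision logged. The setting names, the class and the sample accounts are hypothetical.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import java.util.logging.Logger;

public class WindowsAdminMappingExample {
    private static final Logger LOG = Logger.getLogger("auth");
    // Hypothetical setting names, not real gitblit.properties keys.
    static final String PERMIT_KEY = "example.windows.permitBuiltInAdministrators";
    static final String ADMINS_KEY = "example.windows.adminAccounts";
    static final String BUILTIN_ADMINS = "BUILTIN\\Administrators";

    /** Decide whether an authenticated Windows account becomes a repository admin. */
    static boolean isRepositoryAdmin(Properties settings, String account, List<String> groups) {
        // 1. Explicit grant: accounts the operator listed by name are admins.
        for (String entry : settings.getProperty(ADMINS_KEY, "").split(",")) {
            String name = entry.trim();
            // Windows account names compare case-insensitively.
            if (!name.isEmpty() && name.equalsIgnoreCase(account)) {
                return true;
            }
        }
        // 2. Implicit grant through group membership: only when opted in.
        //    A missing key means "false", so the safe behaviour is the default.
        boolean permit = Boolean.parseBoolean(settings.getProperty(PERMIT_KEY, "false"));
        boolean member = groups.stream().anyMatch(g -> g.equalsIgnoreCase(BUILTIN_ADMINS));
        if (member && permit) {
            // Logged at WARNING so the implicit grant stands out in review.
            LOG.warning("admin granted via " + BUILTIN_ADMINS + " to " + account);
            return true;
        }
        if (member) {
            LOG.info("ignoring " + BUILTIN_ADMINS + " membership for " + account);
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data: a domain admin who is also a local administrator.
        List<String> groups = Arrays.asList("CORP\\Domain Admins", "BUILTIN\\Administrators");
        Properties settings = new Properties();
        settings.setProperty(ADMINS_KEY, "CORP\\gitadmin");
        System.out.println(isRepositoryAdmin(settings, "CORP\\dadmin", groups));
        System.out.println(isRepositoryAdmin(settings, "corp\\GitAdmin", groups));
        settings.setProperty(PERMIT_KEY, "true");
        System.out.println(isRepositoryAdmin(settings, "CORP\\dadmin", groups));
    }
}
```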