-
Notifications
You must be signed in to change notification settings - Fork 520
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Req] Password-protected Repos #5
Comments
Well, i want to keep GitList as simple as possible and avoid any kind of database. That may change in the future or a spin-off project, of course. To solve your problem, you have a few options:
|
Actually, I was looking into setting things up with Apache Auth, I'll document the process and write up a smallish blogpost. I love the way gitlist looks and how easy it was to set up! |
If you need help, let me know. :) |
Can you please tell me how to add a simple username/password (that we can share among our team) to gitlist? PS: We are trying to stay away from using htpasswd |
The Symfony Security component in the book is meanly focused on the Symfony full stack framework. |
Reorganize tests dir to follow best pratices + add tests on commit import
Very surprised that gitlist doesn't have built-in authentication mechanism. If I wanna make my repo open to the world I rather use github not gitlist. And if I choose to use something like gitlist that probably means I wanna keep my project private on my own server. |
Gitlist was designed as a Repository viewer not a full fledged Git repositories managing software. I actually started using http://gitlab.org/ a while back. |
@sstok - Thank you. |
Hey guys, A year later, I was wondering what solutions you have found. Thank |
Hello, I would like to see some authorization functions in GitList, too. For example like in WebSVN. There you can use Apache authentication and use the "AuthzSVNAccessFile" to specify the repository permissions. esco |
Hi, I love gitlist and I would like to support the request to build in some sort of password protection. Thanks, |
Great work :-) I agree with most people here, this utility needs to provide some in-built access control. |
Just want to share my solution on the issue using http auth in nginx.
|
I agree here that it needs basic access control feature in-build. gitlist has expose many companies source code on internet without company/admin actually knowing it.
Want to find more? just google gitlist and scroll through next few pages in result. Its obvious that everyone is not well experienced in security aspects at least. |
Maybe this could be solved with "plugins" (see #739), so one could add access protection easily. However, this should be an optional plugin. The default GitList installation shouldn't be bloated. |
think so, and the download as ZIP/tar makes it worse on internet.. You can own anyone code literally. |
One could reason that we should disallow google bot and others to avoid being indexed by search engines. This could be done with a small robots.txt. |
How is that a responsibility of GitList? If you want to restrict access, you do it yourself, based on your own needs. Same for restricting bots. Some people might think that robots.txt are enough, others will probably need Varnish or an web application firewall. @dvbava You are hosting a repository viewer on your public Apache/Nginx server. It is kind of obvious that everything will be public. It's up to you to restrict access by IP, VPC or just add a simple HTTP Basic on your Apache/Nginx configuration. If we add a simple user/pass mechanism stored in the configuration file, then why not LDAP? Or OAuth? Or SAML? It's a can of worms and it's out of the scope of a simple git repository viewer. |
Hey! I just learned about Gitlist, it was incredibly easy to set up and I wanted to use at $DayJob, however the Boss is obviously concerned about the security, so I was wondering if some sort of user/password setup was in the roadmap for this project. This wouldn't be used to protect the actual git repo, just to display the stuff via web.
Thanks.
The text was updated successfully, but these errors were encountered: