Many services use regular HTTP behind nginx and exozyme users may be able to view that traffic #82
I think this is a pretty big security issue, but I'm not exactly sure if exozyme users are able to view the HTTP traffic. More investigation is definitely needed.
We're currently using Unix sockets for many services but our permissions are pretty weak.
I improved our Unix socket permissions, which is being tracked in issue #87.
It should be safe: https://stackoverflow.com/questions/522012/can-traffic-on-loopback-be-packet-sniffed#522046 https://security.stackexchange.com/questions/57230/encrypt-and-authenticate-localhost-traffic