Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

init repo with secret token #40

Open
antoine-pous opened this issue Nov 28, 2018 · 2 comments
Open

init repo with secret token #40

antoine-pous opened this issue Nov 28, 2018 · 2 comments

Comments

@antoine-pous
Copy link

Currently anybody can configure any repo on any discord, this is a security issue.

Requiring the repo secret token is the best way to fix it and avoid infos leak through your bot.
@antoine-pous antoine-pous changed the title init repo with secret key init repo with secret token Nov 28, 2018
@dsevillamartin
Copy link
Member

Not much info can be leaked apart from commit messages, issues & merge requests, but I agree.
This is planned for the future. May use Gitlab oAuth as well... not sure.

@antoine-pous
Copy link
Author

antoine-pous commented Nov 29, 2018
edited
Loading

Commit give infos about new features/security fixes etc... Then it's a security issue to not support the repo token.

Adding Access token would be cool too, but a guy with read-only access shouldn't be able to configure the repo, this is why i'd prefer to use the repo token.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dsevillamartin @antoine-pous