Page MenuHomePhabricator

Improve consistency of file access policies, particularly for LFS
ClosedPublic

Authored by epriestley on Apr 22 2016, 11:45 AM.
Tags
None
Attached Files
Unknown Object (File)
Apr 16 2017, 12:07 AM
Unknown Object (File)
Apr 14 2017, 2:31 AM
Unknown Object (File)
Apr 13 2017, 4:12 PM
Unknown Object (File)
Mar 2 2017, 7:40 AM
Unknown Object (File)
Feb 12 2017, 7:07 PM
Unknown Object (File)
Feb 11 2017, 8:45 PM
Unknown Object (File)
Feb 11 2017, 8:45 PM
Unknown Object (File)
Feb 11 2017, 8:45 PM
Subscribers
None

Details

Summary

Ref T7789. Currently, we use different viewers if you have security.alternate-file-domain configured vs if you do not.

This is largely residual from the days of one-time-tokens, and can cause messy configuration-dependent bugs like the one in T7789#172057.

Instead, always use the omnipotent viewer. Knowledge of the secret key alone is sufficient to access a file.

Test Plan
  • Disabled security.alternate-file-domain.
  • Reproduced an issue similar to the one described on T7789.
  • Applied change.
  • Clean LFS interaction.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Improve consistency of file access policies, particularly for LFS.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad edited edge metadata.
This revision is now accepted and ready to land.Apr 22 2016, 2:33 PM
This revision was automatically updated to reflect the committed changes.