Page MenuHomePhabricator

Improve consistency of file access policies, particularly for LFS
ClosedPublic

Authored by epriestley on Apr 22 2016, 11:45 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Mar 10, 7:30 PM
Unknown Object (File)
Feb 22 2024, 6:27 PM
Unknown Object (File)
Feb 8 2024, 3:31 PM
Unknown Object (File)
Feb 5 2024, 9:53 PM
Unknown Object (File)
Feb 3 2024, 9:53 AM
Unknown Object (File)
Jan 31 2024, 6:04 AM
Unknown Object (File)
Dec 27 2023, 6:18 PM
Unknown Object (File)
Dec 26 2023, 7:24 PM
Subscribers
None

Details

Summary

Ref T7789. Currently, we use different viewers if you have security.alternate-file-domain configured vs if you do not.

This is largely residual from the days of one-time-tokens, and can cause messy configuration-dependent bugs like the one in T7789#172057.

Instead, always use the omnipotent viewer. Knowledge of the secret key alone is sufficient to access a file.

Test Plan
  • Disabled security.alternate-file-domain.
  • Reproduced an issue similar to the one described on T7789.
  • Applied change.
  • Clean LFS interaction.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Improve consistency of file access policies, particularly for LFS.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad edited edge metadata.
This revision is now accepted and ready to land.Apr 22 2016, 2:33 PM
This revision was automatically updated to reflect the committed changes.