It would be helpful to write an overview document for installs interested in understanding the Phabricator security model: what we consider to be a threat; what options are available, etc.
- Mentioned In
- D20616: Make "PhutilProcessQuery" detection of overseer processes more robust
rP93e6dc1c1d69: Upgrade object reply addresses to SHA256 and remove "phabricator.mail-key"
D19945: Upgrade object reply addresses to SHA256 and remove "phabricator.mail-key"
T13130: Plans: 2018 Week 17/18 Bonus Content
T7959: Mercurial doesn't store HTTP passwords in config anymore
T7023: Elaborate the security.alternate-file-domain warning
- Mentioned Here
- D19997: Put a hard limit on password login attempts from the same remote address
T12509: Plan the path forward from HMAC-SHA1
- Via HackerOne, git-remote-https may leak HTTP basic auth credentials to other users on the machine by making them visible in ps auxwww or similar. We consider these users trusted and this is outside the range of what we protect an install from.
Some guidance about "configure captchas if you're a public-facing, password-login install" would be good here too, but maybe we should just raise it as a setup issue if you have password auth enabled, and let users ignore it if they're VPN'd.