Page MenuHomePhabricator

Improve consistency of file access policies, particularly for LFS
ClosedPublic

Authored by epriestley on Apr 22 2016, 11:45 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Dec 24, 8:16 AM
Unknown Object (File)
Fri, Dec 20, 6:58 PM
Unknown Object (File)
Fri, Dec 20, 3:59 AM
Unknown Object (File)
Sun, Dec 8, 2:19 AM
Unknown Object (File)
Fri, Dec 6, 3:09 AM
Unknown Object (File)
Nov 19 2024, 10:09 AM
Unknown Object (File)
Nov 9 2024, 9:23 PM
Unknown Object (File)
Nov 9 2024, 6:47 AM
Subscribers
None

Details

Summary

Ref T7789. Currently, we use different viewers if you have security.alternate-file-domain configured vs if you do not.

This is largely residual from the days of one-time-tokens, and can cause messy configuration-dependent bugs like the one in T7789#172057.

Instead, always use the omnipotent viewer. Knowledge of the secret key alone is sufficient to access a file.

Test Plan
  • Disabled security.alternate-file-domain.
  • Reproduced an issue similar to the one described on T7789.
  • Applied change.
  • Clean LFS interaction.

Diff Detail

Repository
rP Phabricator
Branch
lfs1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 11896
Build 14944: Run Core Tests
Build 14943: arc lint + arc unit

Event Timeline

epriestley retitled this revision from to Improve consistency of file access policies, particularly for LFS.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad edited edge metadata.
This revision is now accepted and ready to land.Apr 22 2016, 2:33 PM
This revision was automatically updated to reflect the committed changes.