| commit | 0f95d2d0462f8badd3cdb1fadb6dbb3fe84074b4 | |
| author | Nico Sallembien <nsallembien@google.com> | |
| Sat, 13 Mar 2010 00:07:19 +0000 (12 16:07 -0800) | ||
| committer | Shawn O. Pearce <spearce@spearce.org> | |
| Thu, 18 Mar 2010 18:37:59 +0000 (18 11:37 -0700) | ||
| tree | bdbd00a736e617678617f51b97856bd51248a96a | treesnapshot (tar.gz zip) |
| parent | 6fabb6d20427591fb754f6dc4632187ebc0edb55 | commitdiff |
Add a paranoid 'must be provided' option to ReceivePack
By default a receive pack assumes that its user will only provide
references to objects that the user already has access to on their
local client. In certain cases, an additional check to verify the
references point only to reachable objects is necessary.
This additional checking is useful when the code doesn't trust
the client not to provide a forged SHA-1 reference to an object,
in an attempt to access parts of the DAG that they weren't allowed
to see by the configured RefFilter.
Change-Id: I3e4b8505cb2992e3e4be253abb14a1501e47b970
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
By default a receive pack assumes that its user will only provide
references to objects that the user already has access to on their
local client. In certain cases, an additional check to verify the
references point only to reachable objects is necessary.
This additional checking is useful when the code doesn't trust
the client not to provide a forged SHA-1 reference to an object,
in an attempt to access parts of the DAG that they weren't allowed
to see by the configured RefFilter.
Change-Id: I3e4b8505cb2992e3e4be253abb14a1501e47b970
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
| org.eclipse.jgit/src/org/eclipse/jgit/transport/ReceivePack.java | diffblobblamehistory |