benrady
commented
6 years ago I’m glad you’re getting some use out of it, but I have no idea how secure Shinatra is. It was certainly not designed with security in mind.
Ben
On Nov 2, 2017, at 11:18 PM, Claudio Holanda notifications@github.com wrote:
shinatra fits perfectly into our "basic CI" needs, which are:
Receive webhook upon Github push; Execute a script to update and build remote git repo in our VM; All that with ridiculous small memory/cpu footprint usage. However, there is this concern about how secure is shinatra. Should we be exposing it to web as we are? How likely is it to receive some weird request enabling attacker to run malicious sh code through our shinatra instance? Is it even possible?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
ca110us
shinatra fits perfectly into our "basic CI" needs, which are:
However, there is this concern about how secure is shinatra. Should we be exposing it to web as we are? How likely is it to receive some weird request enabling attacker to run malicious sh code through our shinatra instance? Is it even possible?