search

itsapi / github-listener

A Node.js continuous deployment system for Github.
http://github.com/itsapi/github-listener
GNU General Public License v2.0
7 stars 0 forks source link

Verify Repository Source #10

Closed geraintwhite closed 10 years ago

geraintwhite commented 10 years ago

close #9

olls commented 10 years ago

If someone sends a fake payload they could set the payload.repository.owner.name to a trusted user but the payload.repository.full_name could be a different users repository. Another way to do this could be to ignore the owner.name and just use the full_name.

geraintwhite commented 10 years ago

Closed because no longer needed since implementing payload signature verification dcd30ff52cebc4e46037ace2ad48c2e3dfd2df35.