Preventing Author Spoofing

Matt Mackall mpm at selenic.com
Wed Nov 26 22:12:33 UTC 2014


On Wed, 2014-11-26 at 11:57 -0800, Aaron Jensen wrote:
> What is the recommended solution for preventing author spoofing? Our
> security team is nervous that anyone could make a commit, but use
> someone else's name/e-mail address. 

Our model assumes that a large fraction of users in the world will have
admin access on their machine and the ability to modify Mercurial's
source, so attempting to restrict the user name used is obviously
futile.

Instead, you can put the security on the server side: add a hook that
requires changeset user names to match the name of the user doing a push
(or that the commits are cryptographically signed or whatever).

(But don't forget when you're doing this that if you can't trust the
users who have push access _to your codebase that is run by other
developers_ to not be malicious, you're Already Screwed™.)

-- 
Mathematics is the supreme nostalgia of our time.





More information about the Mercurial mailing list