Securing our transifex instance
dimitris at glezos.com
Wed Aug 29 03:03:08 UTC 2007
It's time to add some non-localhost repos to our transifex instance, so
some advice on the security front would be greatly appreciated.
We're doing everything over SSH, with encrypted keys. Before starting
the TG app, the admin needs to run ssh-agent and ssh-add. The goal would
be to have a different service actually handling the keys and the
commits, but that would have to wait for someone to submit the patchset.
With each repository (host) having its own key pair, `~/.ssh/config`
right now looks like this:
# User transifex
# IdentityFile ~/.ssh/id_dsa-cvsfpo
On the web front, I tried my best to validate properly any input/output
from/to the user. Since transifex accepts user input, writes files on
our server, runs OS commands on the server, uses SSH keys to communicate
with other machines and writes to disks across the Internet, we better
make sure everything is OK before launching.
It would be great if some of you python hackers take a look at the code,
or anyone with the hobby of defacing websites run any injection/XSS-foo
on our instance, in order to identify any additional checks or
reveal any mistakes I made (which I'm sure I did since it's my first big
python and TG app).
Our test instance dwells at
Short instructions to get the code and install a local instance to play
around freely and with less lag can be found at:
Bugs, reports, suggestions:
Jabber ID: glezos at jabber.org, GPG: 0xA5A04C3B
"He who gives up functionality for ease of use
loses both and deserves neither." (Anonymous)
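
A per-host key layout like the one described in the post only isolates repositories if no key is reused across Host blocks and ssh is told, with `IdentitiesOnly yes`, not to offer the other keys loaded in ssh-agent. The following is an added example (not part of the original post or of transifex) that audits an ssh_config for both conditions; the host names and key paths in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample; host names and key paths are hypothetical.
SAMPLE_CONFIG = """\
Host cvs.example.org
    User transifex
    IdentityFile ~/.ssh/id_dsa-cvs
    IdentitiesOnly yes
Host svn.example.org
    User transifex
    IdentityFile ~/.ssh/id_dsa-cvs
Host hg.example.org
    User transifex
"""

def parse_hosts(text):
    """Map each Host block to {keyword: [values]}; global lines and Match are not modelled."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip('"') if len(parts) > 1 else ""
        if key == "host":
            current = hosts.setdefault(value, defaultdict(list))
        elif current is not None:
            current[key].append(value)
    return hosts

def audit(text):
    """Return (host, finding) pairs for blocks that weaken per-host key isolation."""
    hosts = parse_hosts(text)
    users = defaultdict(set)  # key path -> Host blocks that reference it
    for host, opts in hosts.items():
        for path in opts["identityfile"]:
            users[path].add(host)
    findings = []
    for host, opts in hosts.items():
        if not opts["identityfile"]:
            findings.append((host, "no-identityfile"))  # ssh falls back to default keys
        if any(len(users[p]) > 1 for p in opts["identityfile"]):
            findings.append((host, "shared-key"))  # one key opens several repos
        if [v.lower() for v in opts["identitiesonly"][:1]] != ["yes"]:
            findings.append((host, "agent-keys-offered"))  # all agent keys are tried too
    return findings
```

To check a real file, pass its contents to `audit()`, for example `audit(open(os.path.expanduser("~/.ssh/config")).read())`.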