Where to store the CPE within a repository?

Say a project has a registered CPE (Common Platform Enumeration) entry in the NIST database.
Where should the CPE be stored in the repository?
The repository is not authoritative, but it could be useful to provide the CPE in the repository and the user simply verifies it with the CPE database.

Related

Change company name in GitLab E-Mails

I have a fresh installation of GitLab 15.7.2. When a new user is created, it sends a notification e-mail via SMTP to that user, saying "The Administrator created an account for you. Now you are a member of the company GitLab application."
How can I change the company name "GitLab application"?
After a little research, I realized that we cannot change GitLab's email notifications.
In addition, this sentence does not refer to the name of your company; it just says that you have been added to your company's GitLab.

How to restrict Guest user from cloning repository

I am using GitLab CE 9.0. Please tell me how to restrict an external guest user from downloading/cloning an internal repository.
Thanks!
According to the gitlab documentation "On public and internal projects, all users are able to perform this action".
In other words, guest users have permission to download (i.e. clone) projects they have access to.
First of all: keep your GitLab up-to-date. 9.0 is over a year old; you will be missing a lot of security updates.
GitLab CE User permissions table:
Second: Guests can access public and internal repositories, but not private ones. So you can set the project to private.
Third: You can flag external users as external in the Access tab when editing the user:
External users cannot see internal or private projects unless access is explicitly granted. Also, external users cannot create projects or groups.

Best practice for verifying a GitLab user?

Given I have an existing project and I want to add an external GitLab user to the project.
The user can enter his/her GitLab username (and additional fields if needed) in a UI.
What is the best practice to verify that the user is valid and that the user is the real owner of the entered account over the GitLab API?
This should also support external login methods (GitHub, ...).

How to create repository for organization using github-api?

I'm using github-api, an npm plugin, to create and manage repositories in node.js. I was able to create repositories for a user, and read a user's organizations, but I could not find out how to create a repository for an organization. I looked through the documentation but I am still confused as to how to create the repository.
Thanks in advance!
It seems that this client doesn't support repository creation for organizations. There is only createRepo for users.
The request for the user looks like:
POST /user/repos
and for the organization:
POST /orgs/:org/repos
where :org is the organisation name.
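Since the client only wraps the user endpoint, the organization call can be made directly against the REST API. The following is an added example, not code from the github-api package or from the answer above; it assumes Node 18+ (global fetch), a token supplied by the caller (for instance from an environment variable), and GitHub's documented login and repository-name rules, which it checks before interpolating user-supplied values into the path.

```javascript
const GITHUB_API = "https://api.github.com";

// GitHub logins: alphanumerics and single hyphens, no leading/trailing hyphen, max 39 chars.
// Validating first keeps a caller-supplied org name from altering the request path.
const LOGIN_RE = /^[A-Za-z0-9](?:[A-Za-z0-9]|-(?=[A-Za-z0-9])){0,38}$/;
// Repository names: alphanumerics, '.', '-', '_' (assumed conservative subset, max 100 chars).
const REPO_RE = /^[A-Za-z0-9._-]{1,100}$/;

// Build the POST /orgs/:org/repos request. Repositories default to private so a typo in
// the options cannot publish code by accident.
function buildCreateRepoRequest({ org, name, isPrivate = true, token }) {
  if (!LOGIN_RE.test(org)) throw new Error(`invalid organization login: ${org}`);
  if (!REPO_RE.test(name)) throw new Error(`invalid repository name: ${name}`);
  if (!token) throw new Error("missing API token");
  return {
    url: `${GITHUB_API}/orgs/${encodeURIComponent(org)}/repos`,
    options: {
      method: "POST",
      headers: {
        Authorization: `Bearer ${token}`,
        Accept: "application/vnd.github+json",
        "Content-Type": "application/json",
      },
      body: JSON.stringify({ name, private: isPrivate }),
    },
  };
}

// Send the request; fetchImpl is injectable so the call can be exercised offline.
// GitHub answers 201 on success; anything else (401, 403, 404, 422) is surfaced as an error
// with a truncated body so the caller sees the reason without logging a full response.
async function createOrgRepo(params, fetchImpl = fetch) {
  const { url, options } = buildCreateRepoRequest(params);
  const res = await fetchImpl(url, options);
  if (res.status !== 201) {
    const text = await res.text();
    throw new Error(`GitHub returned ${res.status}: ${text.slice(0, 200)}`);
  }
  return res.json();
}

module.exports = { buildCreateRepoRequest, createOrgRepo };
```

The token needs the repo scope (or a fine-grained token with repository-creation permission on the organization); the user endpoint from the answer above differs only in the path.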

How does Dropbox generate host_id link

I'm studying Dropbox and learning about its infrastructure. There is a scenario where you have just installed Dropbox on Linux; after running ~/.dropbox-dist/dropboxd you will be given a link in order to link the computer to the account.
The link has the format: https://www.dropbox.com/cli_link?host_id=xxxxxxxxxx
I'm trying to figure out how Dropbox generates those host_id values. Is it based on the hardware ID, or on something else?
Please share your ideas if you have any.
Thank you so much.
The Host ID is the only parameter that is used for authenticating users and devices. This means that any disclosure of the Host ID will allow an attacker to get access to all the user data in Dropbox. The Host ID is common to all the devices in the specific account and never changes.
These weaknesses have been discussed by information security blogger Derek Newton [3], who also reveals that changing the Dropbox account password would not change the Host ID. So changing the password becomes useless.
Reference: http://blog.sikkerhed.alexandra.dk/2012/01/24/cloud-security-a-dropbox-case-study/
It seems the Host_ID is generated by Dropbox itself when the user registers their account on Dropbox and is never changed in the future.