Is it secure? #15
Comments
|
I’m glad you’re getting some use out of it, but I have no idea how secure Shinatra is. It was certainly not designed with security in mind.
Ben
… On Nov 2, 2017, at 11:18 PM, Claudio Holanda ***@***.***> wrote:
shinatra fits perfectly into our "basic CI" needs, which are:
Receive webhook upon Github push;
Execute a script to update and build remote git repo in our VM;
All that with ridiculous small memory/cpu footprint usage.
However, there is this concern about how secure is shinatra. Should we be exposing it to web as we are? How likely is it to receive some weird request enabling attacker to run malicious sh code through our shinatra instance? Is it even possible?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
web service with yaml and bash |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
shinatra fits perfectly into our "basic CI" needs, which are:
However, there is this concern about how secure is shinatra. Should we be exposing it to web as we are? How likely is it to receive some weird request enabling attacker to run malicious sh code through our shinatra instance? Is it even possible?
The text was updated successfully, but these errors were encountered: