Lock all reply-handler options in the upstream, plus cookie prefix

Authored by epriestley <git@epriestley.com> on Feb 13 2015, 20:00.

Description

Lock all reply-handler options in the upstream, plus cookie prefix

Summary:
Ref T7185. These settings shouldn't be unlocked anywhere. Specifically:

  • reply-handler: These are on the way out.
  • reply-handler-domain: Also hopefully on the way out; locked because a compromised administrator account can redirect replies.
  • phabricator.cookie-prefix: Not dangerous per se, but an admin could have a hard time fixing this if they changed it by accident since their session would become invalid immediately.

Test Plan: Browsed Config.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7185

Differential Revision: https://secure.phabricator.com/D11764

Details

Committed: epriestley <git@epriestley.com>, Feb 13 2015, 20:00
Pushed: aubort, Jan 31 2017, 17:16
Parents: rPHebebeb8f7cb7: Upgrade "masked" config to "hidden"
Branches: Unknown
Tags: Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHe5b402d13f76: Lock all reply-handler options in the upstream, plus cookie prefix (authored by epriestley <git@epriestley.com>). Feb 13 2015, 20:00