Do not reveal whether a project exists prior to authenticating (OD-1715)
Open
Liam Foot opened 5 months ago

When attempting to clone a repository, the user is told whether the project exists on the server. I think this should only occur after authenticating. If the user is not authenticated, the response should not indicate whether the project exists.

Is it possible to add this as a setting? I'm not sure if git has any requirement for this slight information leakage.

issue 1 of 1
Type
Improvement
Priority
Normal
Assignee
Labels
No labels
Issue Votes (0)
Watchers (3)
Reference
OD-1715
Please wait...
Page is in error, reload to recover