I am running my test OneDev within a Docker container, todays last Docker image.
Created a test project with nothing set as Default Role. And confirmed from another browser the project is not visible to anyone except the project owner.
And then I attempted to push to the repository from command line without providing user credentials and the push succeeded.
These seems like a serious malfunction and security risk or maybe I have misconfigured something?
Robin Shen commented 3 years ago
Seems that your git client cached credentials used previously. I tested here and it does ask for credential with credential cache disabled.
Artur commented 3 years ago
Yes, you are right. I forgot, I already pushed code to a different repository a few weeks ago.
Hi,
I am running my test OneDev within a Docker container, todays last Docker image.
Created a test project with nothing set as Default Role. And confirmed from another browser the project is not visible to anyone except the project owner.
And then I attempted to push to the repository from command line without providing user credentials and the push succeeded.
These seems like a serious malfunction and security risk or maybe I have misconfigured something?