diff options
| -rw-r--r-- | doc/bugs/Forcing_https_for_Google_cloud_storage_remote__63__.mdwn | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/doc/bugs/Forcing_https_for_Google_cloud_storage_remote__63__.mdwn b/doc/bugs/Forcing_https_for_Google_cloud_storage_remote__63__.mdwn new file mode 100644 index 000000000..5b0eff50f --- /dev/null +++ b/doc/bugs/Forcing_https_for_Google_cloud_storage_remote__63__.mdwn @@ -0,0 +1,29 @@ +### Please describe the problem. + +A special remote for Google cloud storage would appear to send the developer keys in the clear. +Obviously the content itself can be secured with the encryption but sending the auth keys in +the clear permits anybody listening (i.e. at a public WiFi access point) to gain r/w access to +the user's GCS store. + +### What steps will reproduce the problem? + +Setup a new special remote: + + git annex initremote gcs type=S3 chunk=2MiB encryption=none host=storage.googleapis.com bucket=gitannex + ... + git move --to=gcs blah + +Capture packets. Watch the developer keys go by in the headers. And in this case, see the content too because there's no +encryption turned on. But I believe that I know how to fix this. + +I tried to persuade `git annex` to use a SSL connection but without encouraging results: + + git annex initremote gcs type=S3 chunk=2MiB port=443 host=storage.googleapis.com bucket=gitannex + initremote gcs (checking bucket...) git-annex: ErrorClosed + + +### What version of git-annex are you using? On what operating system? + +Debian wheezy, git-annex version: 5.20141024~bpo70+1 + +### Please provide any additional information below. |