Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Check that user name in a commit matches the authentication credentials

Hi all,

when experimenting with our own instance of Bitbucket, we determined that it is possible to

  • clone a repository
  • configure the local clone with an arbitrary user name and email
  • create commits
  • push to Bitbucket server using SSH, such that the author of the commits does not match the user authenticating over SSH.

This could allow a developer to submit commits on behalf of another user without the consent of the latter (we tested this).

Is there any way to check upon a push that all commits being pushed are (co-)authored by the user authenticating to the server?

 

Thanks in advance!

Damian

 

 

1 answer

We investigated this further and found out that Azure Dev Ops,for example, does log the user credentials used to push commits (see attached).

 

Is this information logged in Bitbucket as well?
Azurecommit.png

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events