Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Smart Commit Warning

Prantar Bora
Prantar Bora March 16, 2016

Hi,

We want to enable smart commits in Crucible so that users can directly transition issues in the linked project in JIRA or create review while committing. 

However we have seen the following warning while enabling smart commits in Crucible administration.-- "When using Git or Mercurial, it is possible to commit under any username. Ensure you can fully trust your committers when using those systems."

Our repositories are hosted in Bitbucket and most users use Git clients.

Could some please suggest what exactly this means and what implications this could have ? For e.g. can a user who is having permission to commit in Stash but no permissions in the JIRA project be able to transition an issue while committing?


Thanks,

Answer
Watch
Like Marek Parfianowicz likes this
389 views

1 answer

1 accepted

1 vote
Answer accepted
Vitalii Petrychuk
Vitalii Petrychuk
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 23, 2016

This means that UserA can modify his git config settings in the next way:

Then using Smart Commits he can perform all possible operations as UserB (if UserB is authenticated with JIRA Software).

View More Comments
Lance Milleson
Lance Milleson September 19, 2019

This sounds like a horrible security issue!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Fisheye
Fisheye/Crucible
TAGS
AUG Leaders

Atlassian Community Events

    See all events