Security audit #631

Open
opened 1 month ago by cap_jmk · 2 comments
cap_jmk commented 1 month ago

Hey fellows,

I am just learning more security skills, and wanted to ask if it is okay to check codeberg for learning purposes and to improve our resilience.

Hey fellows, I am just learning more security skills, and wanted to ask if it is okay to check codeberg for learning purposes and to improve our resilience.
Collaborator

People are free to check our website. If you do something that might have larger impact, you can always use https://codeberg-test.org instead. It wouldn't be that problematic if you shoot that site down.

You can also especially look at parts that can easily shoot Gitea down (DoS), e.g. large queries. In the past, we stumbled upon simple requests that can easily kill the instance by just spamming F5 / reloading.

I can grant you access to the system monitor for the test instance, if you need to see your impact.

People are free to check our website. If you do something that might have larger impact, you can always use https://codeberg-test.org instead. It wouldn't be that problematic if you shoot that site down. You can also especially look at parts that can easily shoot Gitea down (DoS), e.g. large queries. In the past, we stumbled upon simple requests that can easily kill the instance by just spamming F5 / reloading. I can grant you access to the system monitor for the test instance, if you need to see your impact.
Poster

Great, I am going to practice on https://codeberg-test.org
Would love to have access to the system monitor ... ^^

Great, I am going to practice on https://codeberg-test.org Would love to have access to the system monitor ... ^^
rwa added the
question
label 1 month ago
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.