See fce6423
This would just let app.json define any dokku command to run.
For security, I said $APP_NAME had to be in the command.
But I realised the security of making sure $APP_NAME is there is probably not enough.
You can run

```
dokku apps:list $APP_NAME
```

Which becomes

```
dokku apps:list whateveryouwant
```

And you'll still get a full list of apps on the servers.
So there may be other holes where people can do destructive actions on other apps on the server.
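
An added example, not part of the original issue and not the plugin's code: the substring check described above next to a stricter validator that requires an allowlisted subcommand with `$APP_NAME` in the app-name position. The function names, the allowlist contents and the sample commands are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: not code from the plugin. The allowlist is a hypothetical policy.

# The check described in the issue: accept any command that mentions the
# literal $APP_NAME placeholder somewhere.
weak_check() {
  case "$1" in
    *'$APP_NAME'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Hypothetical allowlist of subcommands that take the app as their first argument.
ALLOWED_SUBCOMMANDS="config:set domains:add"

# Stricter check: allowlisted subcommand, placeholder exactly in the app-name
# position, and only plain characters in the remaining arguments.
strict_check() {
  set -f            # no glob expansion while splitting the untrusted string
  set -- $1         # split on whitespace into positional parameters
  set +f
  [ "$#" -ge 3 ] || return 1
  [ "$1" = "dokku" ] || return 1
  case " $ALLOWED_SUBCOMMANDS " in
    *" $2 "*) ;;
    *) return 1 ;;
  esac
  [ "$3" = '$APP_NAME' ] || return 1
  shift 3
  for arg in "$@"; do
    case "$arg" in
      *[!A-Za-z0-9._=:/-]*) return 1 ;;   # reject anything outside a plain charset
    esac
  done
  return 0
}

# Constructed sample commands, as they might appear in app.json.
for cmd in 'dokku apps:list $APP_NAME' \
           'dokku config:set $APP_NAME KEY=value' \
           'dokku config:set KEY=value $APP_NAME'; do
  weak=reject; strict=reject
  if weak_check "$cmd"; then weak=accept; fi
  if strict_check "$cmd"; then strict=accept; fi
  printf '%-40s weak=%s strict=%s\n' "$cmd" "$weak" "$strict"
done
```
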