Can you install Git? If you cant because of security reasons i can understand.
Honestly, I don’t know whether the git command line software is installed or not. But I do know that it doesn’t matter, because there is no way to execute system commands on free hosting. And that’s definitely not something we can allow for security reasons.
if it would be installed, is it possible to restrict users only to some git commands? and another question, if it happens to you to install Node.js, could you restrict the commands to just a few? like
npm or something like that just locally? free hosting of course
I like the idea, but allowing only a few commands or programs wouldn’t really be safe enough.
Sure, you could say that we only allow you to do
git clone and
git pull. But you can also edit the repository
.git folder and add custom hook scripts, which would allow you to execute any commands you want. Which would void the purpose of command whitelists.
The same story is true with NPM. Sure, NPM itself is quite straightforward and safe, but you can run custom commands through
npm run, which would void the command restrictions.
Also, if you’ve ever worked with NPM, you’ll know that
node_modules folders can easily become HUGE, so you’ll easily blast through your inode quota. If you just need to bake some static assets for your application, you should really do that on your own computer.
To whitelist any commands, we would need absolutely certainty that there is no way to execute any custom commands through a hack or hidden option somewhere. If we missed one option, that would be a huge security problem.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.