Commit cc964969 authored by Job van der Voort's avatar Job van der Voort

Merge branch 'security-in-dvcs' into 'master'

Security in dvcs

Explain why access & sharing are the same.

See merge request !1097
parents 01c10175 664b433a
......@@ -2,3 +2,4 @@
- [Password length limits](password_length_limits.md)
- [Rack attack](rack_attack.md)
- [Information exclusivity](information_exclusivity.md)
# Information exclusivity
Git is a distributed version control system (DVCS).
This means that everyone that works with the source code has a local copy of the complete repository.
In GitLab every project member that is not a guest (so reporters, developers and masters) can clone the repository to get a local copy.
After obtaining this local copy the user can upload the full repository anywhere, including another project under their control or another server.
The consequense is that you can't build access controls that prevent the intentional sharing of source code by users that have access to the source code.
This is an inherent feature of a DVCS and all git management systems have this limitation.
Obviously you can take steps to prevent unintentional sharing and information destruction, this is why only some people are allowed to invite others and nobody can force push a protected branch.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment