Comments (7)
afragen
commented on July 18, 2024
Actually this is for themes or plugins. GitHub's token providing read access shouldn't cause any issues as it's only read access and you control who gets the theme or plugin. Plus you can revoke it at any time.
Bitbucket private repos currently do not download and install correctly based upon Basic Authentication. At this time there's no other easy way to do this in Bitbucket. Any other solution providing read only access to the repo using some sort of token endpoint would be welcome.
from git-updater.
afragen
commented on July 18, 2024
In answer to last question, not without disabling updating.
from git-updater.
grglaz
commented on July 18, 2024
I had the same question in my mind. I use bitbucket private rep too. It is too risky to leave these credentials information in the file. If i invite another account to the rep with read only access will it work?
thank you for this great work.... i really appreciate.
from git-updater.
afragen
commented on July 18, 2024
Bitbucket doesn't seem to provide a simple way do this. OAuth requires the user to login to Bitbucket.org and basic authentication seems to be the only way to access a private repo. Unfortunately the bigger problem is that I can't seem to download and install an update from a Bitbucket private repo. See issue #59
Ideally if Bitbucket used some sort of access token like GitHub has it would be better. In the plugin's current state it will notice that a private repo had an update but can install it.
Yes, it is a security issue but what other way is there to access a private repo's data from the command line?
from git-updater.
kang-mus
commented on July 18, 2024
you want username and password parameter to access private repository on bitbucket. But, why you require to place this configuration on style.css?
Other way to securing password, i think you can make rules such as create variable in function.php that containing username and password. like a define( 'BITBUCKET_PASSWORD', 'secreet_password' ); it's look more secure. Correct me if I'm wrong.
thanks for this great plugin...
from git-updater.
afragen
commented on July 18, 2024
The problem is that even with the user/pass, Basic Authentication, Bitbucket throws an error and will not allow the download. See #59
Recent comments by Bitbucket devs are the following. https://bitbucket.org/site/master/issue/1087/private-repository-public-downloads-bb-733
changed status to wontfix
We have decided that we will not be implementing public downloads for repos with private source. Our goal is to build a product where folks collaborate around writing source code and not build a distribution platform for binary files. There are several low cost services that are optimized for distributing binary files, such as Amazon S3 or Rackspace which we recommend.
Respectfully, Justen -- Bitbucket product manager
Given this it doesn't look like support for Bitbucket private repos will ever be available. Sorry.
from git-updater.
afragen
commented on July 18, 2024
See #112 for a Settings Page. Hopefully this will put an end to potential security issues.
from git-updater.
Related Issues (20)
- Can't access private theme repo even with personal access token HOT 4
- Tooltips not readable when loading Git Updater settings on mobile HOT 6
- Consider adding link to retrieve GitHub personal access token HOT 10
- PHP Warning: Undefined variable $asset in /var/www/html/wp-content/plugins/git-updater/src/Git_Updater/Traits/API_Common.php on line 71 HOT 18
- Fatal Error GU_Trait HOT 5
- ClassicPress HOT 1
- PHP Fatal error: Call to undefined method Appsero\Insights::add_plugin_data() HOT 8
- Consider option to use tagged releases instead of branch style.css HOT 10
- Advice for troubleshooting Site Health notice with Git Updater HOT 3
- gu_get_remote_plugin cron job stale HOT 5
- Why is there no tab for Bitbucket? HOT 8
- CHANGES.md HOT 1
- php warning: Undefined array key "delete" HOT 11
- Gitlab Tab not showing HOT 2
- Add `Tested up to: x.x` to `README.txt` HOT 3
- Wrong variable name. HOT 1
- "Install Plugin" menu missing HOT 5
- Bitbucket access tokens HOT 22
- Version 11.0.4 implicitly requires PHP 8 HOT 2
- "Call to undefined function Fragen\Git_Updater\move_dir() ..." HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from git-updater.