
Download from GitHub Package Registry without authentication


This solution works with a huge flaw. I gave users instructions to add the encoded PAT in the repository URL of their settings.xml, so they can download artifacts from my repo when building their stuff. They don’t necessarily have a GitHub account, nor should they need one for this, as long as they use the PAT I made for them.

But now this can be effortlessly broken at will by anybody! They just need to copy the un-encoded PAT (which is just one letter away) and upload a .txt file with it to any random repo… BAM! GitHub will revoke the PAT for everybody.
