We ran this command:
git svn clone --ignore-paths="^(api.freshports.org|backend|convert|daemontools|database-schema|dataconversion|db-conversion|develop|ports|scripts|scripts-fp2|secure|walkports)" svn+ssh://email@example.com/usr/local/svn/repos/freshports-1
Yeah, I didn’t want to include all that code in the repo. Various reasons, but mostly because they are not related to the website.
What’s in there?
I found some passwords in there. They are in sample configuration files. They are neither production nor development passwords. At one time, they were used.
You’ll also find cookie encoding functions. If you know someone’s login name, you can create your own cookie and log in as them.
What do I have to do first?
Here’s what I have to do before I’m ready to upload the code to GitHub.
- check passwords
- change cookie encoding
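One way to approach the "change cookie encoding" item, as an added example that is not FreshPorts code: a cookie that is a pure function of the login name stops being safe once the source is public, while a cookie authenticated with a server-side key and an expiry does not depend on the code staying secret. `weak_cookie` is a hypothetical stand-in for an unkeyed scheme (the real function is not shown on this page), and the function names, cookie layout and key handling are assumptions.

```python
import base64, hashlib, hmac, os, time

# Assumption: a per-deployment secret kept out of the repository (e.g. loaded
# from the environment). Generated here only so the example runs stand-alone.
SERVER_KEY = os.urandom(32)

def weak_cookie(login: str) -> str:
    """Hypothetical unkeyed scheme: the cookie is a pure function of the login."""
    return base64.urlsafe_b64encode(hashlib.sha256(login.encode()).digest()).decode()

def weak_verify(login: str, cookie: str) -> bool:
    # Nothing secret is involved: any reader of the source computes the same value.
    return hmac.compare_digest(weak_cookie(login), cookie)

def issue_cookie(login: str, key: bytes = SERVER_KEY, ttl: int = 3600, now=None) -> str:
    """Keyed scheme: base64(login|expiry) . base64(HMAC-SHA256(key, login|expiry))."""
    expires = int(now if now is not None else time.time()) + ttl
    payload = f"{login}|{expires}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())

def verify_cookie(cookie: str, key: bytes = SERVER_KEY, now=None):
    """Return the login name if the cookie is authentic and unexpired, else None."""
    try:
        p64, t64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
        login, expires = payload.decode().rsplit("|", 1)
        expires = int(expires)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed cookie: wrong shape, bad base64, bad expiry
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None  # payload was altered or signed with a different key
    if (now if now is not None else time.time()) >= expires:
        return None  # expired
    return login
```

Rotating `SERVER_KEY` invalidates every outstanding cookie at once, which is also the recovery step if the key is ever committed by mistake.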
In the meantime, if you have any questions, we’re on IRC at #FreshPorts on FreeNode.
Yeah, it’s more vulnerable now
I admit it. FreshPorts is now easier to attack, given you have all the web source. Or will, soon.