From ea755bc141f9dc3c0ccabe6bb6a7ab6e275afc54 Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Sun, 8 Jan 2017 15:20:26 +0000 Subject: testing: Disable variable dump by default It's a security risk to allow gitano to write to an arbitrary path based on the value of an environment variable. It's low risk since by default gitano is run directly by the http or ssh server, which do not set variables by default, but it's trivial enough to leave it commented out. --- TESTING | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'TESTING') diff --git a/TESTING b/TESTING index 1619666..c50744c 100644 --- a/TESTING +++ b/TESTING @@ -262,7 +262,8 @@ depends on the operation, and in many cases the data in the repository. This makes it difficult to know exactly what variables are available. -To aid with this, if `GITANO_DUMP_VARIABLE_FILE` is set in the environment +To aid with this uncomment the block in `lib/gitano/lace.lua` +and if `GITANO_DUMP_VARIABLE_FILE` is set in the environment it will write a table of variables and the operations they exist in to the file path in `GITANO_DUMP_VARIABLE_FILE`. -- cgit v1.2.1
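Review bot: The added line "To aid with this uncomment the block in `lib/gitano/lace.lua`" does not say which block, and the TESTING text gives no reason why the block is disabled. Name the function or marker comment that surrounds the dump code so a reader does not have to search the file, and add a sentence repeating the commit message's point: the block writes to whatever path `GITANO_DUMP_VARIABLE_FILE` holds, so it should be enabled only in a test setup and commented out again afterwards. The sentence is also a run-on now ("uncomment the block ... and if ... is set ... it will write"); splitting it into an instruction followed by a statement of what happens would make the subject of "it will write" clear. This view is limited to TESTING, so the matching change in `lib/gitano/lace.lua` cannot be checked from here.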