top | item 5822513

(no title)

Has bitbucket had any security issues like github has had in the past?

discuss

They had one I reported Oct 2010, took a while to convince was an issue and they finally fixed a few months after saying they would. The URLS for attachments to private issues in private repos were guessable and publicly accessible if you guessed right (ie no authentication for them).

The URLs were like this https://bitbucket-assetroot.s3.amazonaws.com/<username&#...

Obviously a bit tedious to guess for humans, but no big deal for computers.

orangethirty|12 years ago

Do you put this issue in the same level as the ones github has had?

jespern|12 years ago

We've never had a breach.

kelnos|12 years ago

... that you know of.

I think the parent was asking a broader question, even including security issues that were brought up and fixed without being exploited.

yawaramin|12 years ago

They have a neat status page similar to GitHub's: http://status.bitbucket.org/