Home > Blockchain >  Is it possible to push as someone else?
Is it possible to push as someone else?

Time:12-17

I am pretty new to git & github. Also my english is bad, so I need to explain it in a weird way.

  1. We can see anyone's user name and email (if itsn't private) in github
  2. We can use these at "git config user.name" etc.
  3. After that, clone a repo which belongs to them
  4. Do whatever you want and push

Is this possible? My git didn't ask for a password, or github didn't ask for a merge request?

If it's possible, How can we be protected?

CodePudding user response:

It is not possible to post on GitHub as someone else unless you have their login credentials. GitHub requires users to authenticate their identity before they can make changes to a repository or take other actions on the platform.

However, it is possible to make changes to a repository on behalf of another user. For example, if you have been given permission to contribute to a repository owned by someone else, you can commit changes to the repository using your own user account, but you can specify that the changes were made by the other user by setting the user.name and user.email Git configuration variables to their name and email address.

To do this, you would use the git config command to set the user.name and user.email variables, like this:

git config user.name "Other User"
git config user.email "[email protected]"

You can then make changes to the repository and commit them using your own user account, but the commits will appear to be made by the other user in the repository's history.

It is important to note that this should only be done with the explicit permission of the other user, as it can cause confusion and conflicts if done without their knowledge or consent.

There are a few steps you can take to prevent unauthorized changes from being made to your repository on GitHub:

  1. Enable two-factor authentication for your account: This requires you to provide a second form of authentication in addition to your password when logging in or making certain types of changes.
  2. Set up branch protection rules: These allow you to specify which users or teams are allowed to make changes to specific branches in your repository.
  3. Use pull requests: Pull requests allow you to review and discuss changes before they are merged into your repository. This can help prevent unauthorized changes from being made to your repository.
  4. Keep your repository private: If you don't want anyone to be able to access your repository without your permission, you can keep it private. Private repositories can only be accessed by users who have been explicitly granted access by the repository owner.
  5. Use a secure password: It is important to use a strong, unique password for your GitHub account to prevent unauthorized access.

By following these best practices, you can help protect your repository from unauthorized changes and ensure that only authorized users are able to make changes to it.

  • Related