Details
-
Bug
-
Resolution: Fixed
-
High
Description
- I created a private empty repository in bitbucket (using browser)
- I associated a local VS13 project with the bitbucket repo url (using VS)
- I was able to push files to the bitbucket url without authenticating (using VS)
Why was I able to push data to a private bitbucket repo url, and I was never prompted for credentials? So anyone who had the url could have pushed data to my private repo?
When I check repo settings, the checkbox is still enabled for "This is a private repository"...