2c7be52fc2
Summary: Two goals: - If an attacker compromises an administrator account (without compromising the host itself), they can currently take advantage of vulnerabilities in prototype applications by enabling the applications, then exploiting the vulnerability. Locking this option requires CLI access to enable prototypes, so installs which do not have prototypes enabled have no exposure to security issues in prototype applications. - Making this very slightly harder to enable is probably a good thing, given the state of the world and support. Test Plan: Verified that web UI shows the value is locked and instructs the user to update via the CLI. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D10993
Phabricator is an open source collection of web applications which help software companies build better software. Phabricator includes applications for: - reviewing and auditing source code; - hosting and browsing repositories; - assembling a party to venture forth; - tracking bugs; - hiding stuff from coworkers; and - also some other things. You can learn more about the project (and find links to documentation and resources) [[http://phabricator.org/ | here]]. Phabricator is developed and maintained by [[http://phacility.com/ | Phacility]]. The first version of Phabricator was originally built at Facebook. = LICENSE = Phabricator is released under the Apache 2.0 license except as otherwise noted.