craft your forge, build your project, grow your community freely
1---
2id: "9c67"
3priority: 100
4sprint: ""
5status: close
6assignee: null
7kind: issue
8---
910# Security breach in right to write
1112The right to write is good to check that a plugin don't make dangerous write. But a malicious user can change that in its branch and write...
1314A possible solution is to mount the pluginRun from defaultBranch, but complexe scenarios where user want to try something in branch will be not possible.
1516Maybe check that the push user has the right to do what it try to do?
1718---
1920After too long debug it's not possible to hack by modifying conf. We use always `defaultBranch` plugins conf.
2122I close this issue, but one day, user will want to try some conf in other conf before merge!