1

it is possible that an Azure website even after being configured to use Bitbucket for automated deployment, can still accept updated triggered manually if it previously had a git (SCM) repository exposed?

Am asking because of late, much as I hadn't pushed any commits on my Bitbucket, I noticed that there were changes to the Azure website which I hadn't created myself!

The thing that causes me trouble is that a developer who left the team a while back had access to the Azure dashboard (now access removed), and also that he possibly had access to the ftp account for the website and also its original git-deployment repo (hosted on app.scm.azurewebsites.net:443/app.git). So this last bit makes me think he could still be able to push commits directly to the branch from which azure deploys, and possibly compromise our live app!

Please help educate me on this.

JWL
  • 185
  • 1
  • 2
  • 8

1 Answers1

1

Yes, it is possible to 'git push' to the site if Bitbucket is enabled. If you go to the Deployments tab, you should see what commits have been deployed. Are you seeing one that shouldn't be there?

Things you should do:

  • Reset the Publishing profile (from the dashboard tab)
  • Make sure that the user is not a co-admin on the subscription
David Ebbo
  • 141
  • 3
  • Yes, I actually tested it myself and found that I could push directly to the git endpoint on Azure as well indirectly via a commit to the tracked Bitbucket repo branch. Anyways, I finally reset the deployment credentials, and the subscription access has been revised as well. Thanks. – JWL Nov 19 '14 at 07:13