The repo is an open SQLite db. You can browse it easily with any 3rd party SQLite viewer/editor or your own code. The passwords are hashed but available. As are the user settings. So, someone could edit the user guest cap to 'as' and do whatever. Better to encrypt the repo when in transit.
On Tue, Mar 17, 2015 at 11:44 PM, Byung-Jae Kwak <[email protected]> wrote: > Hello, > > Suppose I have .fossil file on a thumb drive and I lost it. > If all the privileges of all the accounts in the repository have > been disabled except for the admin account, and the admin > account is protected with a fairly strong password, > can I assume the content in the repository is reasonably > safe? > > BJ > _______________________________________________ > fossil-users mailing list > [email protected] > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users >
_______________________________________________ fossil-users mailing list [email protected] http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
