[fossil-users] warning: bots injecting spam into fossil-hosted wikis

2016-01-21 Thread Stephan Beal
Hi, all, i recently discovered that, apparently due to incorrect permissions, a spambot (or person) had gotten ahold of several of my repos and replaced _small_ bits of wiki text with links to remote sites. Nothing important was modified/compromised, but i did have to go back and fish out some old

Re: [fossil-users] warning: bots injecting spam into fossil-hosted wikis

2016-01-21 Thread Richard Hipp
On 1/21/16, Stephan Beal wrote: > > - make sure that the 'anonymous' user cannot write to the wiki (nor tickets > - a prior attack targeted my ticketing system, injecting spam tickets). > > - use /reports?view=byuser to make sure that 'anonymous' hasn't made any > changes.

Re: [fossil-users] is fossil repo web configuration possible from command-line?

2016-01-21 Thread Dewey Hylton
i suppose banging out some sql wouldn't be out of the question, though i had not thought of this. it makes perfect sense, though. if i get stuck i'll ask to see what you came up with. thanks for the suggestion! On Wed, Jan 20, 2016 at 11:50 PM, Scott Robison wrote: > On

Re: [fossil-users] Semi-annual drumming-up-of-support for libfossil

2016-01-21 Thread Christopher M. Fuhrman
On Mon, 18 Jan 2016 at 5:24am, Stephan Beal wrote: > On Mon, Jan 18, 2016 at 2:17 PM, Carlo Miron wrote: > > > Still using Emacs :-? > > > > er yes, but i am adjusting to the right hand for the ctrl key :/. Or > trying to. > Is your Caps-Lock key to the left of the 'A' key

Re: [fossil-users] Semi-annual drumming-up-of-support for libfossil

2016-01-21 Thread Stephan Beal
On Thu, Jan 21, 2016 at 5:27 PM, Christopher M. Fuhrman wrote: > Is your Caps-Lock key to the left of the 'A' key on your keyboard? If so, > I've had good luck swapping the Caps-Lock key with the Control key so my > left pinky doesn't have to do gymnastics to hit Cntrl all

[fossil-users] slightly hacked Blitz skin

2016-01-21 Thread Stephan Beal
Hi, all, i recently started using the Blitz skin on all my repos, but fixed-/max-width pages annoy me to no end, so it got hacked ever so slightly to remove the max width. For anyone interested, here it is: http://fossil.wanderinghorse.net/download/skin.fossil.wanderinghorse.net in a format

Re: [fossil-users] is fossil repo web configuration possible from command-line?

2016-01-21 Thread Dewey Hylton
the "most official" way is exactly what i was looking for, and i did miss the export/import features. the template feature doesn't appear to do all i'd like (such as modifying the project description). export/import for my purposes would be fiddly because of the byte counts and such. perhaps the

Re: [fossil-users] warning: bots injecting spam into fossil-hosted wikis

2016-01-21 Thread Warren Young
On Jan 21, 2016, at 5:15 AM, Stephan Beal wrote: > > In one of the cases, someone appended non-trivial text directly relevant to > the (obscure) topic of the wiki page, indicating that this was (at least in > part) a person, not a bot. That sounds like the default ‘m’

Re: [fossil-users] warning: bots injecting spam into fossil-hosted wikis

2016-01-21 Thread Warren Young
On Jan 21, 2016, at 5:21 AM, Richard Hipp wrote: > > On 1/21/16, Stephan Beal wrote: >> >> - make sure that the 'anonymous' user cannot write to the wiki > > I wonder if we could come up with a "security checklist" page of some > kind that would guide

Re: [fossil-users] Adding user categories

2016-01-21 Thread Richard Hipp
On 1/21/16, Warren Young wrote: > Is there a way to add another user category? No. > > Speaking of, is there a plan for what to do when that last letter is > consumed? Digits and/or upper-case. -- D. Richard Hipp d...@sqlite.org

Re: [fossil-users] warning: bots injecting spam into fossil-hosted wikis

2016-01-21 Thread Carlo Miron
On 21 Jan 2016 22:47, "Warren Young" wrote: > 2b. developer: Gains all permissions removed above that weren’t given to reader. May also gain additional permissions besides those not removed above, resulting in alphabet soup flavors such as the ever popular bcdefghikmnotw.

[fossil-users] Restrict password authenticated operations to SSH?

2016-01-21 Thread Warren Young
Is there a way to allow public HTTP access to a Fossil repo for unprivileged users only (anonymous, nobody) but make Fossil refuse to do anything sensitive over HTTP, to force all such traffic over SSH or local DB connections? That is, could I allow anonymous to clone over HTTP, but if you’re

Re: [fossil-users] Semi-annual drumming-up-of-support for libfossil

2016-01-21 Thread Matt Welland
This is way off topic but an interesting subject. Trying this is on my to-do list: http://blog.xkcd.com/2007/08/14/mirrorboard-a-one-handed-keyboard-layout-for-the-lazy/ By using workrave (http://www.workrave.org) religiously - especially micro breaks - RSI has gone from an escalating problem to

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-21 Thread Richard Hipp
On 1/21/16, Warren Young wrote: > Is there a way to allow public HTTP access to a Fossil repo for unprivileged > users only (anonymous, nobody) but make Fossil refuse to do anything > sensitive over HTTP, to force all such traffic over SSH or local DB > connections? Under

[fossil-users] Adding user categories

2016-01-21 Thread Warren Young
Is there a way to add another user category? In between anonymous and developer, I’d like to add “support,” with permissions cnouw. i.e. Those permissions useful to someone adding and triaging bugs, working with the wiki and embedded docs (thus ‘o’), etc. but not actually working with the

Re: [fossil-users] Adding user categories

2016-01-21 Thread Ross Berteig
On 1/21/2016 5:35 PM, Stephan Beal wrote: 'こんにちは' You're in the clear I think Google promises me that meant "Good afternoon". -- Ross Berteig r...@cheshireeng.com Cheshire Engineering Corp. http://www.CheshireEng.com/

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-21 Thread Warren Young
On Jan 21, 2016, at 8:38 PM, Andy Bradford wrote: > > One method would be to not have any user accounts on the public facing > HTTP repository. Then setup your SSH access repository location. > Finally, configure a cronjob that does ``fossil pull'' into the

Re: [fossil-users] Adding user categories

2016-01-21 Thread Stephan Beal
On Fri, Jan 22, 2016 at 1:08 AM, Richard Hipp wrote: > On 1/21/16, Warren Young wrote: > > Speaking of, is there a plan for what to do when that last letter is > > consumed? > > Digits and/or upper-case. > Unicode! update user set capabilities='こんにちは' ...;

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-21 Thread Andy Bradford
Thus said Warren Young on Thu, 21 Jan 2016 14:29:53 -0700: > Is there a way to allow public HTTP access to a Fossil repo for > unprivileged users only (anonymous, nobody) but make Fossil refuse to > do anything sensitive over HTTP, to force all such traffic over SSH or > local DB

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-21 Thread Andy Bradford
Thus said Warren Young on Thu, 21 Jan 2016 20:56:54 -0700: > H, I hadn't even considered how privileges were enforced in the > SSH case. I guess it's just logging in and modifying a local Fossil DB > on the server, right? Right, SSH treats the file as local. Specifically, the SSH command

Re: [fossil-users] Semi-annual drumming-up-of-support for libfossil

2016-01-21 Thread Eric Rubin-Smith
On Thu, Jan 21, 2016 at 11:36 AM, Stephan Beal wrote: > On Thu, Jan 21, 2016 at 5:27 PM, Christopher M. Fuhrman < > cfuhr...@pobox.com> wrote: > >> Is your Caps-Lock key to the left of the 'A' key on your keyboard? If so, >> I've had good luck swapping the Caps-Lock key