Hi, all,
i recently discovered that, apparently due to incorrect permissions, a
spambot (or person) had gotten ahold of several of my repos and replaced
_small_ bits of wiki text with links to remote sites. Nothing important was
modified/compromised, but i did have to back and fish out some old
On 1/21/16, Stephan Beal wrote:
>
> - make sure that the 'anonymous' user cannot write to the wiki (nor tickets
> - a prior attack targeted my ticketing system, injecting spam tickets).
>
> - use /reports?view=byuser to make sure that 'anonymous' hasn't made any
> changes.
i suppose banging out some sql wouldn't be out of the question, though i
had not thought of this. it makes perfect sense, though. if i get stuck
i'll ask to see what you came up with. thanks for the suggestion!
On Wed, Jan 20, 2016 at 11:50 PM, Scott Robison
wrote:
> On
On Mon, 18 Jan 2016 at 5:24am, Stephan Beal wrote:
> On Mon, Jan 18, 2016 at 2:17 PM, Carlo Miron wrote:
>
> > Still using Emacs :-?
> >
>
> er yes, but i am adjusting to the right hand for the ctrl key :/. Or
> trying to.
>
Is your Caps-Lock key to the left of the 'A' key
On Thu, Jan 21, 2016 at 5:27 PM, Christopher M. Fuhrman
wrote:
> Is your Caps-Lock key to the left of the 'A' key on your keyboard? If so,
> I've had good luck swapping the Caps-Lock key with the Control key so my
> left pinky doesn't have to do gymnastics to hit Cntrl all
Hi, all,
i recently started using the Blitz skin on all my repos, but
fixed-/max-width pages annoy me to no end, so it go hacked every so
slightly to remove the max width. For anyone interested, here it is:
http://fossil.wanderinghorse.net/download/skin.fossil.wanderinghorse.net
in a format
the "most official" way is exactly what i was looking for, and i did miss
the export/import features. the template feature doesn't appear to do all
i'd like (such as modifying the project description). export/import for my
purposes would be fiddly because of the byte counts and such. perhaps the
On Jan 21, 2016, at 5:15 AM, Stephan Beal wrote:
>
> In one of the cases, someone appended non-trivial text directly relevant to
> the (obscure) topic of the wiki page, indicating that this was (at least in
> part) a person, not a bot.
That sounds like the default ‘m’
On Jan 21, 2016, at 5:21 AM, Richard Hipp wrote:
>
> On 1/21/16, Stephan Beal wrote:
>>
>> - make sure that the 'anonymous' user cannot write to the wiki
>
> I wonder if we could come up with a "security checklist" page of some
> kind that would guide
On 1/21/16, Warren Young wrote:
> Is there a way to add another user category?
No.
>
> Speaking of, is there a plan for what to do when that last letter is
> consumed?
Digits and/or upper-case.
--
D. Richard Hipp
d...@sqlite.org
Il 21/gen/2016 22:47, "Warren Young" ha scritto:
> 2b. developer: Gains all permissions removed above that weren’t given to
reader. May also gain additional permissions besides those not removed
above, resulting in alphabet soup flavors such as the ever popular
bcdefghikmnotw.
Is there a way to allow public HTTP access to a Fossil repo for unprivileged
users only (anonymous, nobody) but make Fossil refuse to do anything sensitive
over HTTP, to force all such traffic over SSH or local DB connections?
That is, could I allow anonymous to clone over HTTP, but if you’re
This is way off topic but an interesting subject.
Trying this is on my to-do list:
http://blog.xkcd.com/2007/08/14/mirrorboard-a-one-handed-keyboard-layout-for-the-lazy/
By using workrave (http://www.workrave.org) religiously - especially micro
breaks - RSI has gone from an escalating problem to
On 1/21/16, Warren Young wrote:
> Is there a way to allow public HTTP access to a Fossil repo for unprivileged
> users only (anonymous, nobody) but make Fossil refuse to do anything
> sensitive over HTTP, to force all such traffic over SSH or local DB
> connections?
Under
Is there a way to add another user category?
In between anonymous and developer, I’d like to add “support,” with permissions
cnouw. i.e. Those permissions useful to someone adding and triaging bugs,
working with the wiki and embedded docs (thus ‘o’), etc. but not actually
working with the
On 1/21/2016 5:35 PM, Stephan Beal wrote:
'こんにちは'
You're in the clear I think Google promises me that meant "Good
afternoon".
--
Ross Berteig r...@cheshireeng.com
Cheshire Engineering Corp. http://www.CheshireEng.com/
On Jan 21, 2016, at 8:38 PM, Andy Bradford wrote:
>
> One method would be to not have any user accounts on the public facing
> HTTP repository. Then setup your SSH access repository location.
> Finally, configure a cronjob that does ``fossil pull'' into the
On Fri, Jan 22, 2016 at 1:08 AM, Richard Hipp wrote:
> On 1/21/16, Warren Young wrote:
> > Speaking of, is there a plan for what to do when that last letter is
> > consumed?
>
> Digits and/or upper-case.
>
Unicode!
update user set capabilities='こんにちは' ...;
Thus said Warren Young on Thu, 21 Jan 2016 14:29:53 -0700:
> Is there a way to allow public HTTP access to a Fossil repo for
> unprivileged users only (anonymous, nobody) but make Fossil refuse to
> do anything sensitive over HTTP, to force all such traffic over SSH or
> local DB
Thus said Warren Young on Thu, 21 Jan 2016 20:56:54 -0700:
> H, I hadn't even considered how privileges were enforced in the
> SSH case. I guess it's just logging in and modifying a local Fossil DB
> on the server, right?
Right, SSH treats the file as local. Specifically, the SSH command
On Thu, Jan 21, 2016 at 11:36 AM, Stephan Beal
wrote:
> On Thu, Jan 21, 2016 at 5:27 PM, Christopher M. Fuhrman <
> cfuhr...@pobox.com> wrote:
>
>> Is your Caps-Lock key to the left of the 'A' key on your keyboard? If so,
>> I've had good luck swapping the Caps-Lock key
21 matches
Mail list logo