On Jun 30, 2017, at 11:42 AM, Richard Hipp <d...@sqlite.org> wrote:
>
> Trunk now contains a "Security Audit" page whose purpose is to review
> the countless settings and configuration options in Fossil and try to
> sniff out undesirable misconfigurations.

Yay!

Does it automate the permission sanity checks I posted to the -users list once upon a time?

https://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg22473.html

A possible improvement: its check for the forced-HTTPS option should be smart enough to try connecting to $hostname on port 80 to see if it gets an immediate redirect to port 443, and if so, suppress the warning. I haven’t had this setting enabled on my repos because I enforce HTTPS at the front-end proxy layer on my public Fossil instances.

Obviously there’s an easy workaround: enable the setting to placate the tool, but I don’t *like* placating tools. :)
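
The port-80 probe suggested in this message, sketched as an added example (not part of the original post and not Fossil's own code). The function names, the `setting_enabled` parameter, and the choice to keep the warning when the probe fails are assumptions.

```python
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def is_https_redirect(status, location, hostname):
    """True if a port-80 response redirects to https:// on the same host."""
    if status not in REDIRECT_CODES or not location:
        return False
    try:
        target = urlsplit(location)
        port = target.port          # raises ValueError on a malformed port
    except ValueError:
        return False
    if target.scheme.lower() != "https":
        return False                # relative or http:// targets do not count
    # A redirect to some other host does not prove this host enforces HTTPS.
    if (target.hostname or "").lower() != hostname.lower():
        return False
    # Location may omit the port (default 443) or name it explicitly.
    return port in (None, 443)

def probe_port_80(hostname, path="/", timeout=5.0):
    """Request `path` over plain HTTP; http.client never follows redirects."""
    conn = http.client.HTTPConnection(hostname, 80, timeout=timeout)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def should_warn(hostname, setting_enabled, probe=probe_port_80):
    """Decide whether the audit should warn that HTTPS is not forced."""
    if setting_enabled:
        return False
    try:
        status, location = probe(hostname)
    except (OSError, http.client.HTTPException):
        # Refused, timed out, DNS failure, bad reply: no evidence either way,
        # so keep the warning (assumption of this sketch).
        return True
    return not is_https_redirect(status, location, hostname)
```

The probe only shows what the front end does for the one path requested; a proxy that redirects `/` but passes other paths through in plaintext would still suppress the warning here.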