On Tue, Oct 11, 2011 at 10:59 PM, Richard Hipp <[email protected]> wrote:
> If you are using .htaccess style authentication for a Fossil instance on a > website, you have to check the "Allow REMOTE_USER authentication" box on the > /Admin/Access page to enable it. That's a little obscure. I wonder if we > should just make Fossil honor REMOTE_USER by default when it is running as > CGI. Are there any adverse security considerations here? Just so i don't overlook this in the JSON API: does the REMOTE_USER handling change how fossil sends/uses the authentication cookie? (If not then JSON mode "should" support REMOTE_USER as-is.) -- ----- stephan beal http://wanderinghorse.net/home/stephan/
_______________________________________________ fossil-users mailing list [email protected] http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
