On Sun, 2011-11-13 at 16:14 +0100, Jan Danielsson wrote:
> On 11/13/11 12:39, ST wrote:
> > 3) as far as I understand if one accidentally starts fossil
> > server/fossil ui - it will provide insecure access to the repository
> > even if one had configured inetd/stunnel/fossil to use SSL, right? Is
> > there a way to avoid such situations and force fossil to always use SSL?
>
>    Depending on the situation, it may be relevant to note that "fossil
> ui" only listens on localhost.

So there is no chance that somebody from another IP will be able to
access the repository, even if he has valid user login/password, right?

>
>    "fossil server" does not currently support SSL, though if there's
> interest in this, I can look into it.

Yes, there is. Thank you in advance! Should I open a feature request?
(If yes, where can I do it?)

>
>    (For completeness, I mention setting up Fossil as a cgi application
> using apache, because you can fine-tune access to the repository using
> client certificate rules).

Let's assume I did it. What happens when I accidentally start fossil
server on a port different from that of apache? It will provide access
to the repository without SSL, so neither apache nor stunnel helps in
such a situation, correct?

>
> > 4) what happens if one autosync/pull/push from a remote repository, does
> > it also expose the local repository as in 3) ?
>
>    I don't quite understand what you're asking -- are you asking if
> sync/pull/push temporarily starts a server? If that's the case, then the
> answer is no.

Yes, that's what I meant :)

Thank you,
ST

_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

