Hi, just getting started with Fossil. We're using it mostly for the issue tracker. I'm not very familiar with networking/security in an organisation, so hopefully someone can give me some advice. I've done a search through the mailing list archives for "security", "login attempts", "login lock", without much success.
At the moment I've just got it naively running on a Windows Server 2008 machine, using "fossil server MyRepoName". I've opened our Windows firewall to port 8080. At the moment the machine is only accessible via LAN, but we're considering opening up the machine to the internet by forwarding port 8080 from a modem/router.

The stuff we're putting on Fossil isn't particularly important so we're not too concerned about people intercepting communications (thus we're not investigating SSH), but we are concerned about vandalism, people accessing other things on our network, people messing with the server machine, etc.

- Are there any other precautions I should be taking to make things safer?
- Is Fossil safe to run exposed to the internet like that? (Or should we consider hosting it externally, for example?)
- By default, there doesn't seem to be a feature to stop brute-force attacks on passwords, like a max-number-of-invalid-logins thing. Are there ways to protect our user accounts from such attacks?
- It would also be good to be able to limit Administrator access to only the local PC or local LAN. Is there a way to do this?

Thanks,
zchen
_______________________________________________
fossil-users mailing list
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

