On Thu, 31 May 2012 12:00:48 +1000
"Chen, Zon" wrote:

> - By default, there doesn't seem to be a feature to stop brute-force
> attacks on passwords, like a max-number-of-invalid-logins thing.  Are
> there ways to protect our user accounts from such attacks?

TLS/SSL (https) is the first step towards protecting password security
in all matters www, even though this would be on top of the measures
fossil is taking to not send a password in clear text over the wire. I
think stunnel works on Windows. Good question about the max number of
login attempts.

> - It would also be good to be able to limit Administrator access to
> only the local PC or local LAN, is there a way to do this?

You mean the administration of the fossil project, right? Windows does
have file permissions, and the user that fossil is being run as is up
to you. Sadly this is so overcomplicated in Windows that it can be
hard to say when everything is actually configured correctly. Hint:
watch those inherited permissions! I'm only half joking when I say it's
easier to just learn Linux. :)

-- 
www.thomasstover.com
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
