    I’ve created a ticket on a publicly served repository, and entered a
    contact e-mail address for the ticket. When I edit the ticket, I can
    see the e-mail address fine.  After synchronizing my local
    repository, viewing the ticket using `fossil ui` locally, the ticket
    shows up identically, except that the contact is now a seemingly
    random hexadecimal string, and not the e-mail I entered.

    How is the contact info garbled?  I assume it’s being encrypted
    using some other ticket-related info, but I can't figure out why it
    would decrypt to something else here...

On 29-8-2012 11:57, Richard Hipp wrote:

This is a feature, not a bug.

Information which some people consider to be sensitive (such as the
contact-information) is not stored in the database directly.  Instead, a
SHA1 hash of the information is stored.  There is a separate table in
the repository database, the CONCEALED table, that stores a mapping from
these hashes back to the original text.

That confirms my suspicion. Kudos for not storing sensitive info as-is, by the way! Hardly a month goes by these days that there’s no news about some website that’s been hacked where usernames and passwords were stored as-is.


Only authorized users are
allowed to clone or sync the CONCEALED table, and hence only authorized
users are able to see the sensitive information.

Thanks for the explanation!

So what determines who is authorized? My remote-url includes a username and password with developer permissions for the remote repository, so I would have expected the concealed info to come along when syncing.
This doesn’t seem to have happened, however.

I’ve now manually copied the relevant record from the remote server’s repository, which fixed the immediate problem. I’ll try to see if I can replicate the issue.
--
Martijn Coppoolse

_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
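
The mechanism Richard Hipp describes above, modelled as an added example that is not part of the thread and not Fossil's own code. The table layout, the `sync` function and its `may_read_concealed` flag are simplified assumptions, and the e-mail address is a constructed sample.

```python
import hashlib
import sqlite3

def new_repo():
    """Constructed, simplified stand-in for a repository database (assumed layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ticket(id INTEGER PRIMARY KEY, title TEXT, contact TEXT)")
    db.execute("CREATE TABLE concealed(hash TEXT PRIMARY KEY, content TEXT)")
    return db

def conceal(db, text):
    """Record hash -> text in CONCEALED and return the SHA1 hash to store instead."""
    h = hashlib.sha1(text.encode("utf-8")).hexdigest()
    db.execute("INSERT OR IGNORE INTO concealed VALUES (?, ?)", (h, text))
    return h

def add_ticket(db, title, contact):
    """Store the ticket with the contact field replaced by its hash."""
    db.execute("INSERT INTO ticket(title, contact) VALUES (?, ?)",
               (title, conceal(db, contact)))

def sync(src, dst, may_read_concealed):
    """Always copy tickets; copy the CONCEALED mapping only for authorized users.
    The flag is hypothetical and stands in for the server's permission check."""
    dst.executemany("INSERT OR REPLACE INTO ticket VALUES (?, ?, ?)",
                    src.execute("SELECT id, title, contact FROM ticket").fetchall())
    if may_read_concealed:
        dst.executemany("INSERT OR IGNORE INTO concealed VALUES (?, ?)",
                        src.execute("SELECT hash, content FROM concealed").fetchall())

def shown_contact(db, ticket_id):
    """What a ticket view displays: the original text if the mapping exists, else the hash."""
    row = db.execute(
        "SELECT coalesce(c.content, t.contact) FROM ticket t "
        "LEFT JOIN concealed c ON c.hash = t.contact WHERE t.id = ?",
        (ticket_id,)).fetchone()
    return row[0]

def demo():
    server = new_repo()
    add_ticket(server, "Crash on startup", "reporter@example.org")  # constructed sample
    unprivileged, privileged = new_repo(), new_repo()
    sync(server, unprivileged, may_read_concealed=False)
    sync(server, privileged, may_read_concealed=True)
    return (shown_contact(server, 1), shown_contact(unprivileged, 1),
            shown_contact(privileged, 1))

if __name__ == "__main__":
    print(demo())
```

The clone that synced without the mapping shows the 40-character hexadecimal hash in the contact field, which is the symptom reported in the original message; once the matching CONCEALED record is present, the same ticket shows the address again.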
