On 28/10/13 13:39, Jan Nijtmans wrote: [---] > Conclusion: your branch works fine as long as the password is > not taken from the (https) url. > > I hope this feedback is useful to you.
Yes, very useful. We only use client certificates, and apache is set up to set REMOTE_USER from the client certificate, and fossil uses REMOTE_USER without authentication -- so the case where user passes password via the url is one which I had missed completely. I'll fix as this weekend or so. Thanks for trying/reporting! /Jan _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
