On 3/3/2015 1:23 PM, Richie Adler wrote:
Petr Ferdus said, in the message "Re: [fossil-users] fossil repolist argument
with winsrv" of 3/3/2015 18:15:56:
BTW fossil server could serve *.fossil files from any subdirectory of
directory it was invoked with.
From where I sit, this sounds like a security leak waiting to happen.
When sharing files and other resources, you are generally advised to use
a "whitelist" approach where you have a *very* clear idea of exactly
what you are providing access to. This is one of the reasons that fossil
server automatically puts itself in a chroot jail when run as root; the
jail makes it more difficult for a bug in the server to accidentally
leak something.
....
I think a better solution is to create a structure where all repositories reside
in the same directory. The source has no such limitation, after all, and the
_FOSSIL_ file contains the path to the repo so there's no need of having them
in several places.
This is the right approach, IMHO. I would go one step further. The
*.fossil files visible to the server should not be the clones you have
opened in each project workspace.
Instead, I would clone my working copy from my server. This has the
advantage of causing every update to automatically be recorded in two
distinct .fossil files. At my office, I've also located that server on a
separate PC, so that each check-in is immediately stored redundantly on
two separate disks. For project repositories shared outside of the
company, I have a third PC with a similar fossil server configured that
is accessible from outside the firewall.
--
Ross Berteig [email protected]
Cheshire Engineering Corp. http://www.CheshireEng.com/
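
An added example, not part of the original message and not code from the Fossil project: a small audit that applies the allowlist idea above to a directory handed to fossil server. It assumes every file named *.fossil below that directory is reachable, as the thread describes; the allowlist entries, function names and the constructed directory tree are hypothetical.

```python
import os
import tempfile

# Checkout database names: _FOSSIL_ is named in the thread, .fslckout is its Unix counterpart.
CHECKOUT_MARKERS = {"_FOSSIL_", ".fslckout"}

def scan_serve_root(root):
    """Return (repos, checkouts): *.fossil files and open-checkout dirs below root."""
    repos, checkouts = set(), set()
    # Assumption: symlinked directories are not followed; adjust if your server does.
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        rel_dir = os.path.relpath(dirpath, root)
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
            if name.endswith(".fossil"):
                repos.add(rel)
            elif name in CHECKOUT_MARKERS:
                checkouts.add(rel_dir.replace(os.sep, "/"))
    return repos, checkouts

def audit(root, allowlist):
    """Compare what is reachable below root with what was meant to be shared."""
    repos, checkouts = scan_serve_root(root)
    allowed = set(allowlist)
    return {
        "unexpected": sorted(repos - allowed),  # exposed but never approved
        "missing": sorted(allowed - repos),     # approved but not present
        "checkouts": sorted(checkouts),         # working copies inside the served tree
    }

def build_constructed_tree(root):
    """Constructed sample layout: two shared repos plus a workspace that slipped in."""
    for rel in ("public/app.fossil", "public/docs.fossil",
                "work/secret/internal.fossil", "work/secret/_FOSSIL_", "notes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        return audit(root, ["public/app.fossil", "public/docs.fossil", "public/site.fossil"])

if __name__ == "__main__":
    for key, items in demo().items():
        print(key, items)
```

Anything reported under "unexpected" or "checkouts" is a reason to move the shared repositories into a dedicated directory, as suggested above, before starting the server.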