If you are using password authentication already, and don't allow non-authenticated use of Trac, then about the only thing more that I can see is to use SSL to serve Trac pages if you are not already, and if you are concerned about password hacking you could go as far as SSL client certificates, but that is hard to set up.
So, in short: * Authentication helps to protect you against unsolicited visitors * SSL encryption helps to protect you against eavesdroppers * SSL client certificates help to protect you against crackers Jason -----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Emin Sent: Tuesday, July 17, 2007 10:37 AM To: Trac Users Subject: [Trac] How do I secure trac from anonymous users? Dear Experts, How do I ensure that only users with valid logins have access to my trac instance? I removed all permissions from the anonymous user and followed the instructions in the install guide to use htpasswd to provide authenticated accounts to users. But it seems like it may/ should be possible to secure things further. What else can/should I do to protect a trac instance accessable on the Internet as opposed to an Intranet. Thanks, -Emin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
