Thanks for the reply. But even with password authentication turned on, it seems like an unauthenticated user can still do things like probe which urls exist and which don't. I guess this isn't a big deal, but it made me wonder if there was some way to prevent that as well. I guess if I need that I should look into the apache methods of restricting access...
Thanks, -Emin On Jul 17, 1:17 pm, "Jason Winnebeck" <[EMAIL PROTECTED]> wrote: > If you are using password authentication already, and don't allow > non-authenticated use of Trac, then about the only thing more that I can > see is to use SSL to serve Trac pages if you are not already, and if you > are concerned about password hacking you could go as far as SSL client > certificates, but that is hard to set up. > > So, in short: > * Authentication helps to protect you against unsolicited visitors > * SSL encryption helps to protect you against eavesdroppers > * SSL client certificates help to protect you against crackers > > Jason > > > > -----Original Message----- > From: [email protected] [mailto:[EMAIL PROTECTED] > > On Behalf Of Emin > Sent: Tuesday, July 17, 2007 10:37 AM > To: Trac Users > Subject: [Trac] How do I secure trac from anonymous users? > > Dear Experts, > > How do I ensure that only users with valid logins have access to my > trac instance? I removed all permissions from the anonymous user and > followed the instructions in the install guide to use htpasswd to > provide authenticated accounts to users. But it seems like it may/ > should be possible to secure things further. What else can/should I do > to protect a trac instance accessable on the Internet as opposed to an > Intranet. > > Thanks, > -Emin- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
