Fossil SCM
Improved documentation for the "localauth" setting.
Commit
883c2ea218b590735895c77657929e2af8f3b749360c221f097b456c296d0dac
Parent
e0a6ff0adb3da82…
1 file changed
+31
-4
M
src/db.c
+31
-4
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -3202,14 +3202,41 @@ | ||
| 3202 | 3202 | ** The value is a comma or newline-separated list of GLOB |
| 3203 | 3203 | ** patterns specifying files that the "clean" command will keep. |
| 3204 | 3204 | */ |
| 3205 | 3205 | /* |
| 3206 | 3206 | ** SETTING: localauth boolean default=off |
| 3207 | -** If enabled, require that HTTP connections from | |
| 3208 | -** 127.0.0.1 be authenticated by password. If | |
| 3209 | -** false, all HTTP requests from localhost have | |
| 3210 | -** unrestricted access to the repository. | |
| 3207 | +** If enabled, require that HTTP connections from the loopback | |
| 3208 | +** address (127.0.0.1) be authenticated by password. If false, | |
| 3209 | +** some HTTP requests might be granted full "Setup" user | |
| 3210 | +** privileges without having to present login credentials. | |
| 3211 | +** This mechanism allows the "fossil ui" command to provide | |
| 3212 | +** full access to the repository without requiring the user to | |
| 3213 | +** log in first. | |
| 3214 | +** | |
| 3215 | +** In order for full "Setup" privilege to be granted without a | |
| 3216 | +** login, the following conditions must be met: | |
| 3217 | +** | |
| 3218 | +** (1) This setting ("localauth") must be off | |
| 3219 | +** (2) The HTTP request arrive over the loopback TCP/IP | |
| 3220 | +** address (127.0.01) or else via SSH. | |
| 3221 | +** (3) The request must be HTTP, not HTTPS. (This | |
| 3222 | +** restriction is designed to help prevent accidentally | |
| 3223 | +** providing "Setup" privileges to requests arriving | |
| 3224 | +** over a reverse proxy.) | |
| 3225 | +** (4) The command that launched the fossil server must be | |
| 3226 | +** one of the following: | |
| 3227 | +** (a) "fossil ui" | |
| 3228 | +** (b) "fossil server" with the --localauth option | |
| 3229 | +** (c) "fossil http" with the --localauth option | |
| 3230 | +** (d) CGI with the "localauth" setting in the cgi script. | |
| 3231 | +** | |
| 3232 | +** For maximum security, set "localauth" to 1. However, because | |
| 3233 | +** of the other restrictions (2) through (4), it should be safe | |
| 3234 | +** to leave "localauth" set to 0 in most installations, and | |
| 3235 | +** especially on cloned repositories on workstations. Leaving | |
| 3236 | +** "localauth" at 0 makes the "fossil ui" command more convenient | |
| 3237 | +** to use. | |
| 3211 | 3238 | */ |
| 3212 | 3239 | /* |
| 3213 | 3240 | ** SETTING: main-branch width=40 default=trunk |
| 3214 | 3241 | ** The value is the primary branch for the project. |
| 3215 | 3242 | */ |
| 3216 | 3243 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -3202,14 +3202,41 @@ | |
| 3202 | ** The value is a comma or newline-separated list of GLOB |
| 3203 | ** patterns specifying files that the "clean" command will keep. |
| 3204 | */ |
| 3205 | /* |
| 3206 | ** SETTING: localauth boolean default=off |
| 3207 | ** If enabled, require that HTTP connections from |
| 3208 | ** 127.0.0.1 be authenticated by password. If |
| 3209 | ** false, all HTTP requests from localhost have |
| 3210 | ** unrestricted access to the repository. |
| 3211 | */ |
| 3212 | /* |
| 3213 | ** SETTING: main-branch width=40 default=trunk |
| 3214 | ** The value is the primary branch for the project. |
| 3215 | */ |
| 3216 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -3202,14 +3202,41 @@ | |
| 3202 | ** The value is a comma or newline-separated list of GLOB |
| 3203 | ** patterns specifying files that the "clean" command will keep. |
| 3204 | */ |
| 3205 | /* |
| 3206 | ** SETTING: localauth boolean default=off |
| 3207 | ** If enabled, require that HTTP connections from the loopback |
| 3208 | ** address (127.0.0.1) be authenticated by password. If false, |
| 3209 | ** some HTTP requests might be granted full "Setup" user |
| 3210 | ** privileges without having to present login credentials. |
| 3211 | ** This mechanism allows the "fossil ui" command to provide |
| 3212 | ** full access to the repository without requiring the user to |
| 3213 | ** log in first. |
| 3214 | ** |
| 3215 | ** In order for full "Setup" privilege to be granted without a |
| 3216 | ** login, the following conditions must be met: |
| 3217 | ** |
| 3218 | ** (1) This setting ("localauth") must be off |
| 3219 | ** (2) The HTTP request arrive over the loopback TCP/IP |
| 3220 | ** address (127.0.01) or else via SSH. |
| 3221 | ** (3) The request must be HTTP, not HTTPS. (This |
| 3222 | ** restriction is designed to help prevent accidentally |
| 3223 | ** providing "Setup" privileges to requests arriving |
| 3224 | ** over a reverse proxy.) |
| 3225 | ** (4) The command that launched the fossil server must be |
| 3226 | ** one of the following: |
| 3227 | ** (a) "fossil ui" |
| 3228 | ** (b) "fossil server" with the --localauth option |
| 3229 | ** (c) "fossil http" with the --localauth option |
| 3230 | ** (d) CGI with the "localauth" setting in the cgi script. |
| 3231 | ** |
| 3232 | ** For maximum security, set "localauth" to 1. However, because |
| 3233 | ** of the other restrictions (2) through (4), it should be safe |
| 3234 | ** to leave "localauth" set to 0 in most installations, and |
| 3235 | ** especially on cloned repositories on workstations. Leaving |
| 3236 | ** "localauth" at 0 makes the "fossil ui" command more convenient |
| 3237 | ** to use. |
| 3238 | */ |
| 3239 | /* |
| 3240 | ** SETTING: main-branch width=40 default=trunk |
| 3241 | ** The value is the primary branch for the project. |
| 3242 | */ |
| 3243 |