Fossil SCM

Many new permission checks for the security-audit page.

drh 2017-06-30 16:13 UTC security-audit
Commit c12ffe2ce12e92a688099cf76744184ca7268b03aec1b515a3d1eb0350d450cb
1 file changed +95 -8
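--- a/src/security_audit.c
+++ b/src/security_audit.c
@@ -68,12 +68,12 @@
 @ immediately! Or, at least remove the Setup and Admin privileges
 @ for users "anonymous" and "login" on the
 @ <a href="setup_ulist">User Configuration</a> page.
 }else if( hasAnyCap(zAnonCap,"y") ){
 @ <li><p>This repository is <big><b>INSECURE</b></big> because
-@ it allows anonymous users to push unversioned files. You can
-@ fix this by <a href="takeitprivate">taking the repository private</a>
+@ it allows anonymous users to push unversioned files.
+@ <p>Fix this by <a href="takeitprivate">taking the repository private</a>
 @ or by removing the "y" permission from users "anonymous" and
 @ "nobody" on the <a href="setup_ulist">User Configuration</a> page.
 }else if( hasAnyCap(zAnonCap,"goz") ){
 @ <li><p>This repository is <big><b>PUBLIC</b></big>. All
 @ checked-in content can be accessed by anonymous passers-by on the
@@ -84,24 +84,111 @@
 }else{
 @ <li><p>This repository is <big><b>Mostly PRIVATE</b></big>.
 @ A valid login and password is usually required, however some
 @ content can be accessed anonymously:
 @ <ul>
-if( zPubPages && zPubPages[0] ){
-@ <li> URLs that matches one of these GLOB patterns:
-@ "%h(zPubPages)" (Change this using the "Public pages" setting
-@ on the <a href="setup_access">Access Settings</a> page.)
-}
 if( hasAnyCap(zAnonCap,"j") ){
 @ <li> Wiki pages
 }
 if( hasAnyCap(zAnonCap,"r") ){
 @ <li> Tickets
 }
+if( zPubPages && zPubPages[0] ){
+Glob *pGlob = glob_create(zPubPages);
+int i;
+@ <li> URLs that matches any of these GLOB patterns:
+@ <ul>
+for(i=0; i<pGlob->nPattern; i++){
+@ <li> %h(pGlob->azPattern[i])
+}
+@ </ul>
+}
 @ </ul>
+if( zPubPages && zPubPages[0] ){
+@ <p>Change GLOB patterns exceptions using the "Public pages" setting
+@ on the <a href="setup_access">Access Settings</a> page.</p>
+}
+}
+
+/* Make sure the HTTPS is required for login, so that the password
+** does not go across the internet in the clear.
+*/
+if( db_get_boolean("redirect-to-https",0)==0 ){
+@ <li><p><b>WARNING:</b>
+@ Login passwords can be sent over an unencrypted connection.
+@ <p>Fix this by activating the "Redirect to HTTPS on the Login page"
+@ setting on the <a href="setup_access">Access Control</a> page.
+}
+
+/* Anonymous users should not be able to harvest email addresses
+** from tickets.
+*/
+if( hasAnyCap(zAnonCap, "e") ){
+@ <li><p><b>WARNING:</b>
+@ Anonymous users can view email addresses and other personally
+@ identifiable information on tickets.
+@ <p>Fix this by removing the "Email" privilege from users
+@ "anonymous" and "nobody" on the
+@ <a href="setup_ulist">User Configuration</a> page.
+}
+
+/* Anonymous users probably should not be allowed to push content
+** to the repository.
+*/
+if( hasAnyCap(zAnonCap, "i") ){
+@ <li><p><b>WARNING:</b>
+@ Anonymous users can push new check-ins into the repository.
+@ <p>Fix this by removing the "Check-in" privilege from users
+@ "anonymous" and "nobody" on the
+@ <a href="setup_ulist">User Configuration</a> page.
+}
+
+/* Anonymous users probably should not be allowed act as moderators
+** for wiki or tickets.
+*/
+if( hasAnyCap(zAnonCap, "lq") ){
+@ <li><p><b>WARNING:</b>
+@ Anonymous users can act as moderators for wiki and/or tickets.
+@ This defeats the whole purpose of moderation.
+@ <p>Fix this by removing the "Mod-Wiki" and "Mod-Tkt"
+@ privilege from users "anonymous" and "nobody" on the
+@ <a href="setup_ulist">User Configuration</a> page.
+}
+
+/* Anonymous users probably should not be allowed to delete
+** wiki or tickets.
+*/
+if( hasAnyCap(zAnonCap, "d") ){
+@ <li><p><b>WARNING:</b>
+@ Anonymous users can delete wiki and tickets.
+@ <p>Fix this by removing the "Delete"
+@ privilege from users "anonymous" and "nobody" on the
+@ <a href="setup_ulist">User Configuration</a> page.
+}
+
+/* If anonymous users are allowed to create new Wiki, then
+** wiki moderation should be activated to pervent spam.
+*/
+if( hasAnyCap(zAnonCap, "fk") ){
+if( db_get_boolean("modreq-wiki",0)==0 ){
+@ <li><p><b>WARNING:</b>
+@ Anonymous users can create or edit wiki without moderation.
+@ This can result in robots inserting lots of wiki spam into
+@ repository.
+@ <p>Fix this by removing the "New-Wiki" and "Write-Wiki"
+@ privileges from users "anonymous" and "nobody" on the
+@ <a href="setup_ulist">User Configuration</a> page or
+@ by enabling wiki moderation on the
+@ <a href="setup_modreq">Moderation Setup</a> page.
+}else{
+@ <li><p>
+@ Anonymous users can create or edit wiki, but moderator
+@ approval is required before the edits become permanent.
+}
 }
-
+
+@ </ol>
 style_footer();
 }
 
 /*
 ** WEBPAGE: takeitprivate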
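Review bot: In the second hunk, the `Glob` object returned by `glob_create(zPubPages)` in the new "Public pages" block is never released; adding `glob_free(pGlob);` after the inner `@ </ul>` would pair the allocation with its release. The new moderation check covers only the wiki capabilities "fk" against `modreq-wiki`; if anonymous ticket creation is meant to be audited the same way, a parallel check of the ticket capabilities against `modreq-tkt` appears to be missing from this commit. The comment above that check has a typo, "pervent" for "prevent". The enclosing function begins above line 68, outside both hunks, so how `zAnonCap` and `zPubPages` are derived cannot be confirmed from here.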
