Fossil SCM
Updated comment about "6-character random hex password" at the top level of the new setup docs to track [23a9f9bac2].
Commit
f304ba31fe42e2dabf1c6f208464d8aa65156f5d3f89012ae1c523d49dc11a35
Parent
b2379b31c2e1965…
1 file changed
+3
-2
+3
-2
| --- www/server/index.html | ||
| +++ www/server/index.html | ||
| @@ -78,12 +78,13 @@ | ||
| 78 | 78 | |
| 79 | 79 | <ol> |
| 80 | 80 | <li><p>Fossil creates only one user in a <a |
| 81 | 81 | href="$ROOT/help?cmd=new">new repository</a> and gives it the <a |
| 82 | 82 | href="../admin-v-setup.md">all-powerful Setup capability</a>. (“s”) |
| 83 | - The 6-digit random hex password generated for that user is not very strong against | |
| 84 | - remote attack, so because that user has so much power, you should | |
| 83 | + The 10-digit random password generated for that user is fairly strong | |
| 84 | + against remote attack, even without explicit password guess rate | |
| 85 | + limiting, but because that user has so much power, you may want to | |
| 85 | 86 | give it a much stronger password under Admin → Users.</a></li> |
| 86 | 87 | |
| 87 | 88 | <li><p>Run the Admin → Security-Audit tool to verify that other |
| 88 | 89 | security-related permissions and settings are as you want them. |
| 89 | 90 | Consider clicking the “Take it private” link on that page to lock down |
| 90 | 91 |
| --- www/server/index.html | |
| +++ www/server/index.html | |
| @@ -78,12 +78,13 @@ | |
| 78 | |
| 79 | <ol> |
| 80 | <li><p>Fossil creates only one user in a <a |
| 81 | href="$ROOT/help?cmd=new">new repository</a> and gives it the <a |
| 82 | href="../admin-v-setup.md">all-powerful Setup capability</a>. (“s”) |
| 83 | The 6-digit random hex password generated for that user is not very strong against |
| 84 | remote attack, so because that user has so much power, you should |
| 85 | give it a much stronger password under Admin → Users.</a></li> |
| 86 | |
| 87 | <li><p>Run the Admin → Security-Audit tool to verify that other |
| 88 | security-related permissions and settings are as you want them. |
| 89 | Consider clicking the “Take it private” link on that page to lock down |
| 90 |
| --- www/server/index.html | |
| +++ www/server/index.html | |
| @@ -78,12 +78,13 @@ | |
| 78 | |
| 79 | <ol> |
| 80 | <li><p>Fossil creates only one user in a <a |
| 81 | href="$ROOT/help?cmd=new">new repository</a> and gives it the <a |
| 82 | href="../admin-v-setup.md">all-powerful Setup capability</a>. (“s”) |
| 83 | The 10-digit random password generated for that user is fairly strong |
| 84 | against remote attack, even without explicit password guess rate |
| 85 | limiting, but because that user has so much power, you may want to |
| 86 | give it a much stronger password under Admin → Users.</a></li> |
| 87 | |
| 88 | <li><p>Run the Admin → Security-Audit tool to verify that other |
| 89 | security-related permissions and settings are as you want them. |
| 90 | Consider clicking the “Take it private” link on that page to lock down |
| 91 |