Artifact [d87254dab7]
Not logged in
HomeTimelineBranchesTagsTicketsWikiLogin
Download Hex Parsed

Artifact d87254dab760276a21dbfde77b3e63a94042f495:

Ticket change [d87254dab7] - New ticket [573727d6d9] Default disallow local local users. by anonymous 2011-02-21 22:38:38. 
D 2011-02-21T22:38:38.897
J comment When\susing\snginx\sto\sproxy\sback\sto\sa\sfossil\srepo,\sit's\seasy\sto\seither\suncheck\sonce\sin\sproduction\sor\sleave\sunchecked\sto\sstart.\sNot\sunsolvable,\sbut\sit\swould\sbe\sideal\sto\shave\s"Require\spassword\sfor\slocal\saccess"\schecked\sby\sdefault\sor\sremoved\sall\stogether\sin\sfavor\sof\sthe\sfollowing\sbehavior.\r\n\r\nI\sunderstand\sthat\soption\sis\sthere\sto\sfacilitate\slocal\slogins\svia\s"fs\sui"\sbut\sit\sseems\slike\sa\sbetter\salternative\swould\sbe\sto\smake\s"fs\sui"\sperform\sthe\sfollowing:\r\n\r\n<ol>\r\n<li>User\scalls\s<code>fs\sui</code>\sfrom\sthe\scommand\sline</li>\r\n<li><code>fs\sui</code>\sinjects\sa\svalid\sone-time\suse\stoken\sin\sto\sthe\ssessions\stable</li>\r\n<li><code>fs\sui</code>\sthen\scalls\sweb-browser\swith\ssomething\slike\s<code>http://127.0.0.1:8080/my_repo/auto-login?token=abcdef0123456789abcdef0123456789</code>\swhich\sissues\sthe\suser\sa\slogin\scookie\sand\sremoves\sthe\sone-time\suse\stoken\sfrom\sthe\sdatabase</li>\r\n</ol>\r\n\r\nThis\sstep\swould\sgo\sa\slong\sways\stowards\sa\s"secure\sby\sdefault"\spolicy\sfor\sFossil.
J private_contact 84f59114b7eee7088fd7e2932599c69c9ad0761b
J severity Important
J status Open
J title Default\sdisallow\slocal\slocal\susers
J type Feature_Request
K 573727d6d93badc681bd957a8e0945b3d053d487
U anonymous
Z 33de68eab14175ebd552072c4dd853da
Fossil version [4df919803b] 2020-05-25 23:23:49