Fossil

File History
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

History of src/security_audit.c

2018-11-28
18:42
Found several more pages protected with "!g.perm.Setup && !g.perm.Admin" guards: changed them all to "!g.perm.Admin" only for the same reason as [558952c8]. file: [4950cbf3] check-in: [42c3364f] user: wyoung branch: trunk, size: 19670
18:34
The /secaudit0 page was checking for both Admin and Setup capabilities, which means it was only accessible to users with Setup users, since that is the only class that can have both capabilities. Since it's documented as being available to Admin users, changed the logic to allow access to Admin *OR* Setup users. file: [3df788aa] check-in: [558952c8] user: wyoung branch: trunk, size: 19721
2018-10-17
23:53
Enhance the security-audit page to detect insecurities resulting from having self-registration enabled. This is a work in progress. More testing and more checks are needed in this area. file: [d3a6b6a0] check-in: [724ccc46] user: drh branch: trunk, size: 19721
2018-08-30
21:19
Change the name of the "email.c" source file into "alerts.c". Make corresponding changes to various interfaces. file: [e84908c0] check-in: [cfbbc537] user: drh branch: refactor-alerts, size: 18137
2018-08-17
12:32
Improvements to privilege processing and the "Security Audit" page /secaudit0. file: [a8ba14e5] check-in: [397d23c1] user: drh branch: trunk, size: 18137
2018-07-31
04:18
Add the email alerts configuration summary to the security audit page. file: [fc83d40e] check-in: [a9e67fe6] user: drh branch: forum-v2, size: 18081
2018-07-30
21:08
Add the user capability summary to the security audit. file: [631dd753] check-in: [39d5e675] user: drh branch: forum-v2, size: 17881
19:14
Break out the processing of capability strings into a separate source file. Add new SQL functions: capunion() and fullcap(). Only send email notifications to users who have appropriate capabilities. file: [a29dffbd] check-in: [8a28a37c] user: drh branch: forum-v2, size: 17819
16:01
Add new security-audit checks for forum and "Announce" privileges. file: [64df87e3] check-in: [5d6fc967] user: drh branch: forum-v2, size: 17836
2018-07-19
15:52
Backoffice only runs for successful webpage that have the database open. Add "refresh" and "Show All" buttons on the /errorlog page. file: [3366c625] check-in: [aa17077e] user: drh branch: trunk, size: 16526
2018-07-15
18:31
Improvements to error logging. Only log fossil_panic() calls, not fossil_fatal() calls. file: [f2b10296] check-in: [06d4751a] user: drh branch: trunk, size: 16339
2018-07-12
14:55
Add "Download", "Test", and "Truncate" submenu buttons on the /errorlog page. Show a confirmation page prior to truncating the error log. Improvements to the /test-warning page, including a link back to /errorlog through the submenu. file: [de86da99] check-in: [c931dd7b] user: drh branch: trunk, size: 16339
14:09
Add "Truncate" and "Download" buttons to the /errorlog display. Provide a link to the error log on the /setup page. file: [30a24a06] check-in: [8e3bad04] user: drh branch: trunk, size: 16053
2018-06-29
15:29
Less severe warning on the security audit if the server error log is disabled. file: [7b7d6a51] check-in: [fe5e9de1] user: drh branch: trunk, size: 15635
2018-06-26
11:54
Fix compiler warnings on windows. Fix the file_directory_size() function so that it works on windows. file: [c9b102c9] check-in: [6a7d2ad8] user: drh branch: trunk, size: 15764
2018-06-25
16:19
Fix harmless compiler warnings. Also remove the "ago" text from the "Last Change" column in the subscriber list webpage. file: [479c457a] check-in: [69d332ff] user: drh branch: trunk, size: 15764
13:47
Add information about the server error log to the security audit page. Provide the new /errorlog page for viewing the server logfile online. file: [09c62594] check-in: [a9e74eb3] user: drh branch: trunk, size: 15776
2017-12-07
11:33
Spelling typos from Debian file: [39296d08] check-in: [4d1ac686] user: drh branch: trunk, size: 13313
2017-07-12
18:55
Remove an unused variable from the security audit webpage. file: [7258617b] check-in: [7c0b9714] user: drh branch: trunk, size: 13312
03:02
Fix a typo on the security audit webpage. file: [ffb80cbb] check-in: [35f712d4] user: drh branch: trunk, size: 13324
2017-07-03
09:31
Update changes.wiki. Some eol-spacing file: [4990fcdc] check-in: [86d4754a] user: jan.nijtmans branch: trunk, size: 13326
2017-07-01
22:43
Fix a minor problem with Write-Unver reporting on the security audit report. file: [284d2e62] check-in: [5c999558] user: drh branch: trunk, size: 13340
22:17
More checking of user permissions on the Security Audit page. file: [84b96ba7] check-in: [564e42df] user: drh branch: trunk, size: 13373
00:52
Improved wording on some of the security-audit warnings. file: [bbdd8771] check-in: [752365e7] user: drh branch: trunk, size: 11630
00:51
More security-audit checks. file: [af02cf1a] check-in: [4253b1de] user: drh branch: trunk, size: 11693
2017-06-30
18:28
New security audit checks. file: [e3453d85] check-in: [6c543c03] user: drh branch: trunk, size: 10426
16:13
Many new permission checks for the security-audit page. file: [c0ab1b92] check-in: [c12ffe2c] user: drh branch: security-audit, size: 8033
15:17
Start the security audit by checking to see if the repos it public or private. file: [3944762c] check-in: [7f29e264] user: drh branch: security-audit, size: 4885
13:36
Add a stub for the Security Audit page. file: [75463054] check-in: [c5504029] user: drh branch: security-audit, size: 1110 Added