Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Assorted small improvements to admin-v-setup.md. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
eadf2644e4b469805b4e274257459af0 |
User & Date: | wyoung 2018-12-01 06:17:28.343 |
Context
2018-12-01
| ||
06:19 | Typo fix ... (check-in: 572574d1 user: wyoung tags: trunk) | |
06:17 | Assorted small improvements to admin-v-setup.md. ... (check-in: eadf2644 user: wyoung tags: trunk) | |
05:49 | The recent change that allows Admin-only users to edit the skin affected the setup.c side of things only: there were also several bits in skins.c that checked for g.perm.Setup, so an Admin-only user couldn't actually do anthing useful. ... (check-in: 7b58c6fd user: wyoung tags: trunk) | |
Changes
Changes to www/admin-v-setup.md.
︙ | ︙ | |||
103 104 105 106 107 108 109 | of the Setup user: delete accounts created by spammers, fix email alert subscriptions, reset passwords, etc. * **Security audit**: The Admin → Security-Audit page runs several tests on the Fossil repository's configuration, then reports potential problems it found and offers canned solutions. Those canned solutions do not do anything that an Admin-user could not do | > | | > > | 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 | of the Setup user: delete accounts created by spammers, fix email alert subscriptions, reset passwords, etc. * **Security audit**: The Admin → Security-Audit page runs several tests on the Fossil repository's configuration, then reports potential problems it found and offers canned solutions. Those canned solutions do not do anything that an Admin-user could not do via other means, so this page offers the Admin-only user no more power than they otherwise had. For example, this page's "Take it Private" feature can also be done manually via Admin → Users. This page is a convenience, not a grant of new power to the Admin-only user. * **Logging**:<a id="log"></a> Admin-only users get to see the various Fossil logs in case they need to use them to understand a problem they're empowered to solve. An obvious example is a spam attack: the Admin might want to find the user's last-used IP, see if they cloned the repository, see if they attempted to brute-force an existing login before self-registering, etc. |
︙ | ︙ | |||
168 169 170 171 172 173 174 | * <p>[Email alerts](./alerts.md) and [backoffice](./backoffice.md) status. Admin-only users cannot modify the email alerts setup, but they can see some details about its configuration and current status.</p> * <p>The `/urllist` page, which is a read-only page showing the | | | | | 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 | * <p>[Email alerts](./alerts.md) and [backoffice](./backoffice.md) status. Admin-only users cannot modify the email alerts setup, but they can see some details about its configuration and current status.</p> * <p>The `/urllist` page, which is a read-only page showing the ways the repository can be accessed and how it has been accessed in the past. Logically, this is an extension to logging, [covered above](#log).</p> * <p>The Fossil repository SQL schema. This is not particularly sensitive information, since you get more or less the same information when you clone the repository. It's restricted to Admin because it's primarily useful in debugging SQL errors, which happen most often when Fossil itself is in flux and the schema isn't being automatically updated correctly. That puts |
︙ | ︙ | |||
300 301 302 303 304 305 306 | * **SQL**: The Admin → SQL feature allows the Setup user to enter raw SQL queries against the Fossil repository via Fossil UI. This not only allows arbitrary ability to modify the repository blockchain and its backing data tables, it can probably also be used to damage the host such as via `PRAGMA temp_store = FILE`. | | | | > > | | | | 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 | * **SQL**: The Admin → SQL feature allows the Setup user to enter raw SQL queries against the Fossil repository via Fossil UI. This not only allows arbitrary ability to modify the repository blockchain and its backing data tables, it can probably also be used to damage the host such as via `PRAGMA temp_store = FILE`. * **TH1**: The [TH1 language][TH1] is quite restricted relative to the Tcl language it descends from, so this author does not believe there is a way to damage the Fossil repository or its host via the Admin → TH1 feature, which allows exeuction of arbitrary TH1 code within the repository's execution context. Nevertheless, interpreters are a well-known source of security problems, so it seems best to restrict this feature to Setup-only users as long as we lack a good reason for Admin-only users to have access to it. [fcp]: https://fossil-scm.org/fossil/help?cmd=configuration [forum]: https://fossil-scm.org/forum/ [rs]: https://www.fossil-scm.org/index.html/doc/trunk/www/settings.wiki [sia]: https://fossil-scm.org/fossil/artifact?udc=1&ln=1259-1260&name=0fda31b6683c206a [th1]: https://www.fossil-scm.org/index.html/doc/trunk/www/th1.md [tt]: https://en.wikipedia.org/wiki/Tiger_team#Security [ucap]: https://fossil-scm.org/fossil/setup_ucap_list |