Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Assorted small improvements to admin-v-setup.md. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
eadf2644e4b469805b4e274257459af0 |
| User & Date: | wyoung 2018-12-01 06:17:28.343 |
Context
|
2018-12-01
| ||
| 06:19 | Typo fix ... (check-in: 572574d1 user: wyoung tags: trunk) | |
| 06:17 | Assorted small improvements to admin-v-setup.md. ... (check-in: eadf2644 user: wyoung tags: trunk) | |
| 05:49 | The recent change that allows Admin-only users to edit the skin affected the setup.c side of things only: there were also several bits in skins.c that checked for g.perm.Setup, so an Admin-only user couldn't actually do anthing useful. ... (check-in: 7b58c6fd user: wyoung tags: trunk) | |
Changes
Changes to www/admin-v-setup.md.
| ︙ | ︙ | |||
103 104 105 106 107 108 109 |
of the Setup user: delete accounts created by spammers, fix email
alert subscriptions, reset passwords, etc.
* **Security audit**: The Admin → Security-Audit page runs several
tests on the Fossil repository's configuration, then reports
potential problems it found and offers canned solutions. Those
canned solutions do not do anything that an Admin-user could not do
| > | | > > | 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
of the Setup user: delete accounts created by spammers, fix email
alert subscriptions, reset passwords, etc.
* **Security audit**: The Admin → Security-Audit page runs several
tests on the Fossil repository's configuration, then reports
potential problems it found and offers canned solutions. Those
canned solutions do not do anything that an Admin-user could not do
via other means, so this page offers the Admin-only user no more
power than they otherwise had. For example, this page's "Take it
Private" feature can also be done manually via Admin → Users. This
page is a convenience, not a grant of new power to the Admin-only
user.
* **Logging**:<a id="log"></a> Admin-only users get to see the various
Fossil logs in case they need to use them to understand a problem
they're empowered to solve. An obvious example is a spam attack: the
Admin might want to find the user's last-used IP, see if they cloned
the repository, see if they attempted to brute-force an existing
login before self-registering, etc.
|
| ︙ | ︙ | |||
168 169 170 171 172 173 174 |
* <p>[Email alerts](./alerts.md) and [backoffice](./backoffice.md)
status. Admin-only users cannot modify the email alerts setup,
but they can see some details about its configuration and
current status.</p>
* <p>The `/urllist` page, which is a read-only page showing the
| | | | | 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 |
* <p>[Email alerts](./alerts.md) and [backoffice](./backoffice.md)
status. Admin-only users cannot modify the email alerts setup,
but they can see some details about its configuration and
current status.</p>
* <p>The `/urllist` page, which is a read-only page showing the
ways the repository can be accessed and how it has been accessed
in the past. Logically, this is an extension to logging,
[covered above](#log).</p>
* <p>The Fossil repository SQL schema. This is not particularly
sensitive information, since you get more or less the same
information when you clone the repository. It's restricted to
Admin because it's primarily useful in debugging SQL errors,
which happen most often when Fossil itself is in flux and the
schema isn't being automatically updated correctly. That puts
|
| ︙ | ︙ | |||
300 301 302 303 304 305 306 |
* **SQL**: The Admin → SQL feature allows the Setup user to enter raw
SQL queries against the Fossil repository via Fossil UI. This not
only allows arbitrary ability to modify the repository blockchain
and its backing data tables, it can probably also be used to damage
the host such as via `PRAGMA temp_store = FILE`.
| | | | > > | | | | 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 |
* **SQL**: The Admin → SQL feature allows the Setup user to enter raw
SQL queries against the Fossil repository via Fossil UI. This not
only allows arbitrary ability to modify the repository blockchain
and its backing data tables, it can probably also be used to damage
the host such as via `PRAGMA temp_store = FILE`.
* **TH1**: The [TH1 language][TH1] is quite restricted relative to the
Tcl language it descends from, so this author does not believe there
is a way to damage the Fossil repository or its host via the Admin →
TH1 feature, which allows exeuction of arbitrary TH1 code within the
repository's execution context. Nevertheless, interpreters are a
well-known source of security problems, so it seems best to restrict
this feature to Setup-only users as long as we lack a good reason
for Admin-only users to have access to it.
[fcp]: https://fossil-scm.org/fossil/help?cmd=configuration
[forum]: https://fossil-scm.org/forum/
[rs]: https://www.fossil-scm.org/index.html/doc/trunk/www/settings.wiki
[sia]: https://fossil-scm.org/fossil/artifact?udc=1&ln=1259-1260&name=0fda31b6683c206a
[th1]: https://www.fossil-scm.org/index.html/doc/trunk/www/th1.md
[tt]: https://en.wikipedia.org/wiki/Tiger_team#Security
[ucap]: https://fossil-scm.org/fossil/setup_ucap_list
|