Fossil

Check-in [1dc5e1ce]

Overview
Comment:Removed a no-longer-correct doc passage which referenced the older practice of using an IP component in the login cookie.
SHA3-256: 1dc5e1ce6da482c7abda63f21830a137f58aff5565417cce107eb07205913194
User & Date: stephan 2021-10-10 15:55:53
Context
2021-10-11
10:11
When doing an automatic open following a clone, do not autosync. The repo was just cloned and should already be current. See forum post 0dbfeab2ff. ... (check-in: 160bd677 user: drh tags: trunk)
2021-10-10
15:55
Removed a no-longer-correct doc passage which referenced the older practice of using an IP component in the login cookie. ... (check-in: 1dc5e1ce user: stephan tags: trunk)
15:44
/chat: grouped config settings into categories. Moved config checkboxes back to the left, per /chat feedback, but now clicking anywhere on their row toggles them. Slightly shrunk the main buttons when in non-compact mode. Various look-and-feel and help text tweaks to the config view. ... (check-in: 67e85998 user: stephan tags: trunk)
Changes

Changes to www/password.wiki.

@@ -75,28 +75,14 @@
 address of the client is stored in the USER.COOKIE and USER.IPADDR fields
 of the USER table on the server.
 The USER.CEXPIRE field holds an expiration date
 for the cookie, encoded as a Julian day number.  On all subsequent
 HTTP requests, the cookie value is matched against the USER table to
 enable access to the repository.
 
-A login cookie will only work if the IP address matches.  This feature
-is designed to make it more difficult for an attacker to sniff the cookie
-and take over the connection.  A cookie-sniffing attack will only work
-if the attacker is able to send and receive from the same IP address as
-the original login.  However, we found that doing an exact IP match
-caused problems for some users who are behind proxy firewalls where the proxy
-might use a different IP address for each query.  To work around this
-problem, newer versions of fossil only check the first 16 bits of the
-32-bit IP address.  This makes a cookie sniffing attack easier since now
-the attacker only has to send and receive from any IP address in a range
-of IPs that are similar to the initial login.  But that is seen as an
-acceptable compromise in exchange for ease of use.  If higher security
-is really needed, then HTTPS can be used instead of HTTP.
-
 Note that in order to log into a Fossil server, it is necessary to
 write information into the repository database.  Hence, login is not
 possible on a Fossil repository with a read-only database file.
 
 The user password is sent over the wire as cleartext on the initial
 login attempt.  The plan moving forward is to compute the SHA1 hash of
 the password on the client using JavaScript and then send only the hash
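Review bot: the document's only recommendation to serve logins over HTTPS ("If higher security is really needed, then HTTPS can be used instead of HTTP", old lines 93-94) goes out together with the obsolete IP-matching paragraph, yet that advice does not depend on the IP mechanism at all; with no part of the client address bound to the cookie any more, a cookie read off a cleartext HTTP connection is replayable from anywhere, so the sentence is more relevant after this change, not less, and should be kept as a standalone sentence. The same applies to the retained context at line 75, "address of the client is stored in the USER.COOKIE and USER.IPADDR fields": if USER.IPADDR no longer participates in cookie validation, the sentence that begins above this hunk still describes the old practice and should be reviewed alongside this removal.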