Fossil

Check-in [c1601737]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix typo on the /doc/tip/www/password.wiki page. Add a link to that page from the home page.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: c16017374e4318ade54ee0c1e269a0bc2ddde355
User & Date: drh 2010-01-12 14:33:01
References
2010-01-12
22:18 New ticket [70fd24ae] "co --latest" doen't actually get latest in repo.. artifact: 16435d34 user: bharder
Context
2010-01-13
09:35
New option of 'wiki-use-html' which causes the wiki system to use HTML as it's markup language. i.e. do not interfeer with what was entered. check-in: cf3809cc user: jeremy_c tags: trunk
2010-01-12
14:33
Fix typo on the /doc/tip/www/password.wiki page. Add a link to that page from the home page. check-in: c1601737 user: drh tags: trunk
14:10
Transfer SHA1-encoded passwords on a "configure push|pull user" when the client has Admin privilege. check-in: 9c532246 user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to www/index.wiki.

115
116
117
118
119
120
121

122
123
124
125
126
127
128
  *  There is a
    [http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users | mailing list] (with publically readable
     [http://www.mail-archive.com/fossil-users@lists.fossil-scm.org | archives]
     available for discussing fossil issues.
  *  [./stats.wiki | Performance statistics] taken from real-world projects
     hosted on fossil.
  *  How to [./shunning.wiki | delete content] from a fossil repository.

  *  Some (unfinished but expanding) extended
      [./reference.wiki | reference documentation] for the fossil command line.
  *  Documentation on the
     [http://www.sqliteconcepts.org/THManual.pdf | TH1 Script Language] used
     to configure the ticketing subsystem.

<h3>Links For Fossil Developer:</h3>







>







115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
  *  There is a
    [http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users | mailing list] (with publically readable
     [http://www.mail-archive.com/fossil-users@lists.fossil-scm.org | archives]
     available for discussing fossil issues.
  *  [./stats.wiki | Performance statistics] taken from real-world projects
     hosted on fossil.
  *  How to [./shunning.wiki | delete content] from a fossil repository.
  *  How Fossil does [./password.wiki | password management].
  *  Some (unfinished but expanding) extended
      [./reference.wiki | reference documentation] for the fossil command line.
  *  Documentation on the
     [http://www.sqliteconcepts.org/THManual.pdf | TH1 Script Language] used
     to configure the ticketing subsystem.

<h3>Links For Fossil Developer:</h3>

Changes to www/password.wiki.

60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
the web interface or direct SQL manipulation of the USER table.
Note also that the password field is
essentially ignored for the special users named "anonymous", "developer",
"reader", and "nobody".  It is not possible to authenticate as users
"developer", "reader", or "nobody" and the authentication protocol
for "anonymous" use one-time captchas not persistent passwords.

<h2>Web Interface Authtentication</h2>

When a user logs into Fossil using the web interface, the login name
and password are sent in the clear to the server.  The server then
hashes the password and compares it against the value stored in USER.PW.
If they match, the server sets a cookie on the client to record the
login.  This cookie contains a large amount of high-quality randomness
and is thus impossible to guess.  The value of the cookie and the IP







|







60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
the web interface or direct SQL manipulation of the USER table.
Note also that the password field is
essentially ignored for the special users named "anonymous", "developer",
"reader", and "nobody".  It is not possible to authenticate as users
"developer", "reader", or "nobody" and the authentication protocol
for "anonymous" use one-time captchas not persistent passwords.

<h2>Web Interface Authentication</h2>

When a user logs into Fossil using the web interface, the login name
and password are sent in the clear to the server.  The server then
hashes the password and compares it against the value stored in USER.PW.
If they match, the server sets a cookie on the client to record the
login.  This cookie contains a large amount of high-quality randomness
and is thus impossible to guess.  The value of the cookie and the IP