Fossil

Check-in [2b964533]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Documentation on FOSSIL_SECURITY_LEVEL.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 2b964533da914f5e394d4c3c1903ea011390798a
User & Date: drh 2016-07-09 16:38:10
Context
2016-07-09
16:43
Fix a typo in the FOSSIL_SECURITY_LEVEL documentation of the previous check-in. check-in: 2dec4bdf user: drh tags: trunk
16:38
Documentation on FOSSIL_SECURITY_LEVEL. check-in: 2b964533 user: drh tags: trunk
02:12
Fix spelling of "occurrence" check-in: d064213b user: andygoth tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to www/encryptedrepos.wiki.

36
37
38
39
40
41
42
43


























encryption password.
To avoid excess password typing, consider using the "fossil shell"
command which prompts for the password just once, then reuses it for each
subsequent Fossil command entered at the prompt.
<p>
On Windows, the "fossil server", "fossil ui", and "fossil shell" commands do not
(currently) work on an encrypted repository.
</blockquote>


































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
encryption password.
To avoid excess password typing, consider using the "fossil shell"
command which prompts for the password just once, then reuses it for each
subsequent Fossil command entered at the prompt.
<p>
On Windows, the "fossil server", "fossil ui", and "fossil shell" commands do not
(currently) work on an encrypted repository.
</blockquote>
<h2>Additional Security</h2><blockquote>
Use the FOSSIL_SECURITY_LEVEL environment for additional protection.
<blockquote><pre>
export FOSSIL_SECURITY_LEVEL=1
</pre></blockquote>
A setting of 1 or greater
prevents fossil from trying to remember the previous sync password. Setting
<blockquote><pre>
export FOSSIL_SECURITY_LEVEL=2
</pre></blockquote>
A setting of 2 or greater
causes all password prompts to be preceeded by a random translation matrix similar
to the following:
<blockquote><pre>
abcde fghij klmno pqrst uvwyz
qresw gjymu dpcoa fhkzv inlbt
</pre></blockquote>
When entering the password, the user must substitute the letter on the second
line that corresponds to the letter on the first line.  Uppercase substitutes
for uppercase inputs, and lowercase substitutes for lowercase inputs.  Letters
that are not in the translation matrix (digits, punctuation, and "x") are not
modified.  For example, given the
translation matrix above, if the password is "pilot-9crazy-xube", then the user
must type "fmpav-9ekqtb-xirw".  This simple substitution cypher helps prevent
password capture by keyloggers.
</blockquote>