On 3/11/2015 2:08 PM, Graeme Pietersz wrote: > I just experimented with a new repo > > Even if nobody has no privileges, anonymous can login.
True. Take away all of anonymous's capabilities to remove the ability for anonymous to log in. The documentation needs to be updated to say this clearly. > anonymous does have some privileges not inherited from nobody (hmncz) anonymous doesn't have z by default. > and these can be used by directly typing in the appropriate URLs. I > have not tested everything, but I have verified the biggest weakness: > anonymous can download a zip archive using the /zip url. h affects timeline, etc. generation m gives /wikiappend n gives /tktnew c gives /tktedit z gives /zip -- Andy Goth | <andrew.m.goth/at/gmail/dot/com>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users