giusz Modrzejewski
Sent: Tuesday, November 22, 2011 5:50 PM
To: Fossil SCM user's discussion
Subject: Re: [fossil-users] Authentication via URL
On Nov 22, 2011, at 9:46 PM, Jeremy Cowgar wrote:
Try a smarter RSS reader? I remember having Opera read a few protected
feeds...
It's not th
On Wed, Nov 23, 2011 at 12:07 AM, Stephan Beal wrote:
> i forgot to mention that i have a horrible disease called, "can't sleep
> when there's an easy bug which can be fixed."
>
And it gets worse as the night goes on :/.
> So now the 64kb question is: if the cookie's _value_ is called
> "authT
On Tue, Nov 22, 2011 at 10:29 PM, Stephan Beal wrote:
> On Tue, Nov 22, 2011 at 10:10 PM, Jeremy Cowgar wrote:
>
>> That does indeed work
>>
>
> PS: on Thursday morning i'll be leaving town for the back woods of
> northern Germany for 4 days (without a PC), so i'll get the cookie name
> added t
On Nov 22, 2011, at 9:46 PM, Jeremy Cowgar wrote:
>> Try a smarter RSS reader? I remember having Opera read a few protected
>> feeds...
>
> It's not that simple. Most RSS readers will authenticate via Basic
> Authentication, which most feeds are setup as. Fossil, on the other hand,
> does not
On Tue, Nov 22, 2011 at 10:42 PM, Jeremy Cowgar wrote:
> ...The “RSS Key”, if anyone greps the log for it, would grant them
> access (until your password was changed) to view what has changed but not
> any detail. Thus, it is much less of a security hazard.
>
Having a "read-only API key" of so
Maybe it could be called Remote Key or something and used both for JSON and
RSS.
Jeremy
From: Jeremy Cowgar
Sent: Tuesday, November 22, 2011 4:42 PM
To: Fossil SCM user's discussion
Subject: Re: [fossil-users] Authentication via URL
I just thought of another potential solution, I think
, 2011 4:29 PM
To: Fossil SCM user's discussion
Subject: Re: [fossil-users] Authentication via URL
On Tue, Nov 22, 2011 at 10:10 PM, Jeremy Cowgar wrote:
That does indeed work
PS: on Thursday morning i'll be leaving town for the back woods of northern
Germany for 4 days (without a PC), s
On Tue, Nov 22, 2011 at 10:10 PM, Jeremy Cowgar wrote:
> That does indeed work
>
PS: on Thursday morning i'll be leaving town for the back woods of northern
Germany for 4 days (without a PC), so i'll get the cookie name added to the
JSON output tomorrow (Wednesday) evening before i leave.
>
On Tue, Nov 22, 2011 at 10:10 PM, Jeremy Cowgar wrote:
> That does indeed work, however, how long will that cookie be active? It
> should have a time encoded in it as to expire after a period of time.
> Otherwise, if someone were to get ahold of the cookie they could use it
> indefinitely.
>
i
, 2011 3:58 PM
To: Fossil SCM user's discussion
Subject: Re: [fossil-users] Authentication via URL
On Tue, Nov 22, 2011 at 9:44 PM, Stephan Beal wrote:
In theory (though i have not tested it), you can pass the login cookie as
a GET parameter, as fossil internally treats GET/POST/COOKIE
On Tue, Nov 22, 2011 at 9:44 PM, Stephan Beal wrote:
> In theory (though i have not tested it), you can pass the login cookie as
> a GET parameter, as fossil internally treats GET/POST/COOKIE data
> identically for most purposes. The trick, then, is getting the login
> cookie. ...
>
Here's somet
-Original Message-
From: Remigiusz Modrzejewski
Sent: Tuesday, November 22, 2011 3:43 PM
To: Fossil SCM user's discussion
Subject: Re: [fossil-users] Authentication via URL
On Nov 22, 2011, at 9:32 PM, Jeremy Cowgar wrote:
So we are back to square one on accessing an RSS feed th
On Tue, Nov 22, 2011 at 9:32 PM, Jeremy Cowgar wrote:
> 1. Use allow authuser=johndoe&authpass=**secret as a URL parameter
> 2. Forget accessing secured RSS feeds
>
> Any other ideas?
>
>
In theory (though i have not tested it), you can pass the login cookie as a
GET parameter, as fossil internal
On Nov 22, 2011, at 9:32 PM, Jeremy Cowgar wrote:
> So we are back to square one on accessing an RSS feed that is protected via a
> normal RSS reader. There may only be two solutions to this problem:
>
> 1. Use allow authuser=johndoe&authpass=secret as a URL parameter
> 2. Forget accessing secu
inal Message-
From: Brian Smith
Sent: Tuesday, November 22, 2011 3:10 PM
To: Fossil SCM user's discussion
Subject: Re: [fossil-users] Authentication via URL
It works because it's not sent as HTTP Basic when cloning.
Fossil sends it in it's own 'Card' format. The passw
at.
>
> Jeremy
>
> From: Stephan Beal
> Sent: Tuesday, November 22, 2011 2:32 PM
> To: Fossil SCM user's discussion
> Subject: Re: [fossil-users] Authentication via URL
> On Mon, Nov 21, 2011 at 11:28 PM, Jeremy Cowgar wrote:
>>
>> http://user:pass/@... does n
:32 PM
To: Fossil SCM user's discussion
Subject: Re: [fossil-users] Authentication via URL
On Mon, Nov 21, 2011 at 11:28 PM, Jeremy Cowgar wrote:
http://user:pass/@... does not work. That is just another way of encoding
for HTTP Basic Authentication which fossil does not support, and c
On Mon, Nov 21, 2011 at 11:28 PM, Jeremy Cowgar wrote:
> http://user:pass@... does not work. That is just another way of
> encoding for HTTP Basic Authentication which fossil does not support, and
> cannot support w/CGI.
>
Aha - i see now that it works for cloning, but apparently not the HTTP
users] Authentication via URL
On Mon, Nov 21, 2011 at 8:36 PM, Jeremy Cowgar wrote:
https://myrepo/index.cgi/timeline.rss?authuser=johndoe&authpass=secret
Did you know that you can do do:
http://user:pass@
?
i haven't ever tried it with ssl, but "it should work" i would guess.
On Mon, Nov 21, 2011 at 8:36 PM, Jeremy Cowgar wrote:
> https://myrepo/index.cgi/timeline.rss?authuser=johndoe&authpass=secret
>
Did you know that you can do do:
http://user:pass@
?
i haven't ever tried it with ssl, but "it should work" i would guess.
--
- stephan beal
http://wand
I would like to use my RSS reader to monitor a few timeline RSS feeds of
mine from Fossil (tickets mainly). The problem is that on a few of the work
projects, all repos are locked down. I cannot access the RSS feed without
authenticating. I do not wish to duplicate all the username/passwords int
21 matches
Mail list logo
