Re: [fossil-users] Security of Fossil

2012-05-31 Thread Konstantin Khomoutov
On Wed, May 30, 2012 at 10:56:15PM -0500, Thomas Stover wrote:
> > By my second question, I meant Fossil's "Administrator" account, not
> > that of Windows. Assuming that I don't find a solution for people
> > brute-forcing passwords for regular accounts, that's not a big deal.
> > However, if pe

Re: [fossil-users] Security of Fossil

2012-05-30 Thread Mike Meyer
Thomas Stover wrote:
>On Thu, 31 May 2012 13:44:52 +1000
>"Chen, Zon" wrote:
>> So ideally we want to be able to limit Fossil's Administrator account
>> to only work from the local PC (or better yet, from LAN only.)
>ok that makes sense. I do know that you can "unlock" the admin account
>by just d

Re: [fossil-users] Security of Fossil

2012-05-30 Thread Thomas Stover
On Thu, 31 May 2012 13:44:52 +1000 "Chen, Zon" wrote:
> By my second question, I meant Fossil's "Administrator" account, not
> that of Windows. Assuming that I don't find a solution for people
> brute-forcing passwords for regular accounts, that's not a big deal.
> However, if people can brute-f

Re: [fossil-users] Security of Fossil

2012-05-30 Thread Chen, Zon
Thanks Thomas. I'll investigate stunnel. By my second question, I meant Fossil's "Administrator" account, not that of Windows. Assuming that I don't find a solution for people brute-forcing passwords for regular accounts, that's not a big deal. However, if people can brute-force the Fossil Ad

Re: [fossil-users] Security of Fossil

2012-05-30 Thread Thomas Stover
On Thu, 31 May 2012 12:00:48 +1000 "Chen, Zon" wrote:
> - By default, there doesn't seem to be a feature to stop brute-force
> attacks on passwords, like a max-number-of-invalid-logins thing. Are
> there ways to protect our user accounts from such attacks?

TLS/SSL (https) is the first step towa

[fossil-users] Security of Fossil

2012-05-30 Thread Chen, Zon
Hi, just getting started with Fossil. We're using it mostly for the issue tracker. I'm not very familiar with networking/security in an organisation, so hopefully someone can give me some advice. I've done a search through the mailing list archives for "security", "login attempts", "login lock