|
| From: | graydon hoare |
| Subject: | [Monotone-devel] Re: How secure are group names? |
| Date: | Tue, 02 Dec 2003 00:01:55 -0500 |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031115 Thunderbird/0.3 |
Peter Simons wrote:
Or put differently: Is it possible in a regular way, that ananonymous user downloads the whole depot.db?
yes, unless you configured your depot in an especially secretive way, they can get it just by requesting the .db file in a GET. if not, well, there is no security on reading groups anyways; all groups are readable if you ask for the right name. so I wouldn't count on that as security.
if you'd like to add security, I suppose we can; I had thought you'd just keep such a server private. I never really assume public internet servers are particularly secure things.
P. S.: And is there any way to display which files in a check-out repository are tracked by monotone and which aren't? "list unknown" doesn't seem to do anything.
I think "list unknown" should do that. perhaps you don't have any not-tracked files in your checked out tree? can you run it in --verbose mode and see what it says?
-graydon
| [Prev in Thread] | Current Thread | [Next in Thread] |