Menu
▾
▴
Re: [Sandweb-devel] debian package broken
|
From: Micah A. <mi...@ri...> - 2003-08-05 16:39:41
|
On Tue, 05 Aug 2003, Micah Anderson wrote: > > On Mon, 04 Aug 2003, Robert Helmer wrote: > > I notice that there is a password file in > /usr/share/sandweb/users/$user, but it never contains anything... if > this has my VCS password in it, would this make it so I wouldn't have > type in my password everytime I wanted to do a CVS operation? Woops, I meant to clarify this a little before I sent it :) What I mean is... in local mode all commits are done as user www-data, which is annoying because then you can't tell who made what change. So doing things via SSH makes a lot of sense. However, because I am putting together a website CVS repository, I changed /etc/sandweb/sandweb.cfg to have users_dir="/var/www/sandweb" that way a user can check out modules, make changes and then view them via the website (since our apache document root is in /var/www). This is perfect, this is great, but if I were to check "remember my password" in the repository configuration, then the password file will be written with my password and be available on the internet for all to see because it would be in /var/www/sandweb/micah/password. I notice however, that user passwords for the sandweb authentication are in /usr/share/sandweb/data which is not web-accessable... how hard would it be to put both passwords in there? Or is there a better way to do this? Thanks, this software is the best that I've found out there (and I've looked at a LOT of them), it would be awesome if it were integrated with a in-line editor of some sort :) micah |
