42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
+
|
** This page requires administrator access
*/
void secaudit0_page(void){
const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */
const char *zPubPages; /* GLOB pattern for public pages */
char *z;
int n;
double r;
login_check_credentials();
if( !g.perm.Setup && !g.perm.Admin ){
login_needed(0);
return;
}
style_header("Security Audit");
|
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
-
-
+
+
|
@ <li><p>This repository is <big><b>INSECURE</b></big> because
@ it allows anonymous users to push unversioned files.
@ <p>Fix this by <a href="takeitprivate">taking the repository private</a>
@ or by removing the "y" permission from users "anonymous" and
@ "nobody" on the <a href="setup_ulist">User Configuration</a> page.
}else if( hasAnyCap(zAnonCap,"goz") ){
@ <li><p>This repository is <big><b>PUBLIC</b></big>. All
@ checked-in content can be accessed by anonymous passers-by on the
@ internet. <a href="takeitprivate">Take it private</a>.<p>
@ checked-in content can be accessed by anonymous users.
@ <a href="takeitprivate">Take it private</a>.<p>
}else if( !hasAnyCap(zAnonCap, "jry") && (zPubPages==0 || zPubPages[0]==0) ){
@ <li><p>This repository is <big><b>Completely PRIVATE</b></big>.
@ A valid login and password is required to access any content.
}else{
@ <li><p>This repository is <big><b>Mostly PRIVATE</b></big>.
@ A valid login and password is usually required, however some
@ content can be accessed anonymously:
|
241
242
243
244
245
246
247
248
249
250
251
252
253
254
|
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
|
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
|
}
if( db_get_boolean("admin-log",0)==0 ){
@ <li><p>
@ The <a href="admin_log">Administrative Log</a> is disabled.
@ The administrative log provides a record of configuration changes
@ and is useful for security monitoring.
}
#if !defined(_WIN32) && !defined(FOSSIL_OMIT_LOAD_AVERAGE)
/* Make sure that the load-average limiter is armed and working */
if( load_average()==0.0 ){
@ <li><p>
@ Unable to get the system load average. This can prevent Fossil
@ from throttling expensive operations during peak demand.
@ <p>If running in a chroot jail on Linux, verify that the /proc
@ filesystem is mounted within the jail, so that the load average
@ can be obtained from the /proc/loadavg file.
}else {
double r = atof(db_get("max-loadavg", "0"));
if( r<=0.0 ){
@ <li><p>
@ Load average limiting is turned off. This can cause the server
@ to bog down if many requests for expensive services (such as
@ large diffs or tarballs) arrive at about the same time.
@ <p>To fix this, set the "Server Load Average Limit" on the
@ <a href="setup_access">Access Control</a> page to approximately
@ the number of available cores on your server, or maybe just a little
@ less.
}else if( r>=8.0 ){
@ <li><p>
@ The "Server Load Average Limit" on the
@ <a href="setup_access">Access Control</a> page is set to %g(r),
@ which seems high. Is this server really a %d((int)r)-core machine?
}
}
#endif
@ </ol>
style_footer();
}
/*
|