Overview
Comment: | Security enhancement: Do not store the passwords for remote URLs directly, but instead store the sha1_shared_secret() encoding of those passwords. It is the SHA1 encoding that gets transmitted to the server anyhow, so we might as well just store that. The SHA1 encoding cannot be used to log in. The password is still protected using obscure() even though it is now a SHA1 hash. |
---|---|
SHA3-256: | 41ba6ea7db6ce2ce159709ce9b95dee4 |
User & Date: | drh 2022-12-30 20:54:10.613 |
References
2024-01-29
05:50 | Wiki page "To Do List" ... (artifact: 7f3dab46aa user: stephan)
Context
2022-12-30
21:12 | Improved comment on the db_obscure() routine. No functional code changes. ... (check-in: aa1a0b31e2 user: drh tags: trunk)
20:54 | Security enhancement: Do not store the passwords for remote URLs directly, but instead store the sha1_shared_secret() encoding of those passwords. It is the SHA1 encoding that gets transmitted to the server anyhow, so we might as well just store that. The SHA1 encoding cannot be used to log in. The password is still protected using obscure() even though it is now a SHA1 hash. ... (check-in: 41ba6ea7db user: drh tags: trunk)
16:32 | Show the parent-project-* CONFIG entries (if they exist) with the "fossil remote config-data" command. When parsing a URL, if the URL comes from the CONFIG table, remember the CONFIG table entry that supplied the password. ... (check-in: 6d0083adce user: drh tags: trunk)
Changes
Changes to src/db.c.
Changes to src/http.c.
Changes to src/sqlcmd.c.
Changes to src/sync.c.
Changes to src/xfer.c.