Files
@ 1346754f1852
Branch filter:
Location: kallithea/init.d/kallithea-upstart.conf - annotation
1346754f1852
740 B
text/plain
forms: don't use secure forms with authentication token for GET requests
The token is secret and should never be used in forms posted with GET which are
URL encoded. aef21d16a262 was too aggresive in using secure forms everywhere
and did thus also incorrectly use them for forms posted with GET.
Some token leakage was reported by Gjoko Krstic <gjoko@zeroscience.mk> of Zero
Science Lab.
The token is secret and should never be used in forms posted with GET which are
URL encoded. aef21d16a262 was too aggresive in using secure forms everywhere
and did thus also incorrectly use them for forms posted with GET.
Some token leakage was reported by Gjoko Krstic <gjoko@zeroscience.mk> of Zero
Science Lab.
99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 24c0d584ba86 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 99ad9d0af1a3 | # kallithea - run the kallithea daemon as an upstart job
# Change variables/paths as necessary and place file /etc/init/kallithea.conf
# start/stop/restart as normal upstart job (ie: $ start kallithea)
description "Kallithea Mercurial Server"
author "Matt Zuba <matt.zuba@goodwillaz.org"
start on (local-filesystems and runlevel [2345])
stop on runlevel [!2345]
respawn
umask 0022
env PIDFILE=/var/hg/kallithea/kallithea.pid
env LOGFILE=/var/hg/kallithea/log/kallithea.log
env APPINI=/var/hg/kallithea/production.ini
env HOME=/var/hg
env USER=hg
env GROUP=hg
exec /var/hg/.virtualenvs/kallithea/bin/paster serve --user=$USER --group=$GROUP --pid-file=$PIDFILE --log-file=$LOGFILE $APPINI
post-stop script
rm -f $PIDFILE
end script
|