Serving HG repositories on Windows 2012 R2 Server.

[Matt Mackall]

On Mon, 2015-09-28 at 14:28 +0000, Anders Ishoey (INT) wrote:
> Hi Donald,
> 
> I'm aware that the random function is not the (real) problem.

It is for Donald, we've called him in as a Python developer.

> I am also aware of
> https://stackoverflow.com/questions/12639930/python-cgi-in-iis-issue-with-urandom-function
> I should have written that too.

Yes, very helpful.

> My problem is that I assume that I can't use "impersonate user".
> I assume that each user needs to run under his own account in order ensure that he doesn't access repositories he shouldn't access. 
> At least that is how I understand how to control repository access.

Actually, with hgweb, the idea is that there's a single Windows account
for hg on the server and hgweb controls access via its allow lists and
webserver auth username/password pairs ("accounts" but not to be
confused with the underlying OS accounts).

> So, I think I'm can slightly rephrase my original problem:
>  
> Q1) Is there something in the web server that strips off rights when I run CGI via https compared to when I run from the python command line.

With IIS, probably. It is the source of many a mysterious headache. Can
we recommend to you basically any other webserver?

-- 
Mathematics is the supreme nostalgia of our time.