private http repository
Ezra.Smith at bentley.com
Ezra.Smith at bentley.com
Thu Jun 19 15:20:36 CDT 2008
I'm not sure if this is applicable in your case, but I've found that
using file system permissions helps for hiding repositories. Where I
work, all users have to authenticate themselves to the web server. The
Mercurial CGI process then runs as the authenticated user, and if the
user isn't part of a group that has read access to the repository (at
the file system level), that repository won't show up on the web
interface. Hgweb enumerates available repositories by looking at
somerepo/.hg and somerepo/.hg/hgrc, and since the user doesn't have the
appropriate permissions to even read the repository's .hg directory, the
repository won't be listed.
-Ezra
From: mercurial-bounces at selenic.com
[mailto:mercurial-bounces at selenic.com] On Behalf Of hg user
Sent: Thursday, June 19, 2008 6:45 AM
To: mercurial at selenic.com
Subject: private http repository
Good morning,
I just created a mercurial http server using hgwebdir.cgi for publishing
several projects.
Some are public (open-source) and have "allow_push = (userlist)", some
should be private. Using <Location> directive in the apache
configuration I'm able to have a password requested also for GET
access....
Now the question:
I need to hide some repositories, not just asking a password... they
shouldn't be listed (security by obscurity....)
I tried the [paths] way but it doesn't work....
I believe the only way is to create a new alias ( from /hg/ to... /myhg/
and having a new copy of hgwebdir.cgi and hgwebdir.conf....) and protect
/myhg/ with password...
Francesco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://selenic.com/pipermail/mercurial/attachments/20080619/7232073c/attachment.htm
More information about the Mercurial
mailing list