On Tue, Jun 30, 2020 at 8:16 PM Craig Russell wrote:
>
> Hi Whimsifiers,
>
> I've just tested the live coi.cgi site and it appears to be just fine. I have
> signed my own live annual COI affirmation.
>
> If anyone else is required to sign and can test the live site, please do.
>
> I will make a g
Hi Whimsifiers,
I've just tested the live coi.cgi site and it appears to be just fine. I have
signed my own live annual COI affirmation.
If anyone else is required to sign and can test the live site, please do.
I will make a general announcement [1] tomorrow inviting the other required
signa
On Tue, 30 Jun 2020 at 22:58, Craig Russell wrote:
>
> I updated /private/etc/apache2/other/whimsy.conf by prepending PATH with the
> location in my file system to svnmucc: /usr/local/opt/subversion/bin. Both
> svn and svnmucc are the 2020 versions.
> svn, version 1.14.0 (r1876290)
> compiled
I updated /private/etc/apache2/other/whimsy.conf by prepending PATH with the
location in my file system to svnmucc: /usr/local/opt/subversion/bin. Both svn
and svnmucc are the 2020 versions.
svn, version 1.14.0 (r1876290)
compiled Jun 22 2020, 22:13:07 on x86_64-apple-darwin18.7.0
svnmucc, ver
Unfortunately, support for tainting is going away by Ruby 3.2. And in
Ruby 2.7 it was scaled back to the point of being unusable[1].
Given this, over time we will need to move from a strategy of relying
exclusively on making checks at the point of entry to complementing
those checks at points where c
On Tue, 30 Jun 2020 at 20:38, wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> rubys pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/whimsy.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
>
On Tue, Jun 30, 2020 at 2:33 PM Craig Russell wrote:
>
> > On Jun 30, 2020, at 11:06 AM, Sam Ruby wrote:
> >
> > What does `which svnmucc` return? If it is not present, install it
> > via `brew install subversion`. If it is present, make sure that its
> > path is included by the web server.
>
[MacBook-Pro-10:~/apache/git/whimsy] clr% which svnmucc
/opt/loca
Tainting is a way of keeping track of whether or not user input has been
validated before being used in a potentially unsafe context like
executing commands. It's the Ruby equivalent of handling SQL injection
but for general injection tracking.
On Fri, 26 Jun 2020 at 12:45, Craig Russell wrote:
>
>
What does `which svnmucc` return? If it is not present, install it
via `brew install subversion`. If it is present, make sure that its
path is included by the web server.
- Sam Ruby
On Tue, Jun 30, 2020 at 1:49 PM Craig Russell wrote:
>
>
>
> > On Jun 30, 2020, at 10:35 AM, Sam Ruby wrote:
>
> On Jun 30, 2020, at 10:35 AM, Sam Ruby wrote:
>
> Does "curl --head http://whimsy.local/roster/" respond with:
>
> HTTP/1.1 401 Unauthorized
Yes.
>
> Are you still using rackup or are you using whimsy.local?
For the roster testing I am using localhost:9292.
>
> As currently set up, the
Does "curl --head http://whimsy.local/roster/" respond with:
HTTP/1.1 401 Unauthorized
Are you still using rackup or are you using whimsy.local?
As currently set up, the rack/passenger application is assuming that
the Apache HTTPD web server is performing authentication. If you
bypass Apache h
In my local environment I added the source code in memstat.json.rb:
Wunderbar.warn("$USER: #{$USER}")
Wunderbar.warn("$PASSWORD: #{$PASSWORD}")
Wunderbar.warn("env.user: #{env.user}")
Wunderbar.warn("env.password: #{env.password}")
Wunderbar.warn("ENV['USER']: #{ENV['USER']}")
Wunderbar.warn("ENV
The svnmucc command acts directly on the repo, so credentials are
always required.
The only exception is if the repo doesn't require auth (e.g. a local test repo).
One other exception: the 'help' command.
For svn commands, credentials are generally needed for changes to the repo.
For private repos
On Tue, 30 Jun 2020 at 14:16, Craig Russell wrote:
>
> Anything more to add here? Please?
AFAICT multiUpdate_ and svnmucc_ are working OK.
Therefore suspicion falls on the env object -- does it actually
contain a password?
Hence my previous suggestion to check whether that is the case or not.
Maybe a simpler question: In the cgi environment, where are credentials to be
found? And when are credentials required to be presented? In the roster
environment, where are credentials found? And when are they needed to be
presented?
Thanks,
Craig
> On Jun 30, 2020, at 6:16 AM, Craig Russell
Anything more to add here? Please?
Craig
> On Jun 29, 2020, at 4:29 PM, Craig Russell wrote:
>
> I'm just confused why the password is needed, since the "_" contains user and
> password.
>
> Where does the password go when using multiUpdate? It's in the "_" that's
> passed in. Where is the p