Mercurial Mercurial > hg > mercurial-server / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doc/security
branchdebian
changeset 172 5dd3698fad54
parent 118 107906bfe2c6
parent 171 7b69d1d86254
child 174 f141a4b9d5a9 
--- a/doc/security	Tue Oct 13 18:32:26 2009 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-SECURITY OF MERCURIAL-SERVER
-
-mercurial-server relies entirely on sshd to grant access to remote users.
-As a result, it runs no daemons, installs no setuid programs, and no part
-of it runs as root except the install process: all programs run as the user
-hg. And any attack on mercurial-server can only be started if the Bad Guys
-already have a public key in ~hg/.ssh/authorized_keys, otherwise sshd will
-bar the way.
-
-No matter what command the user tries to run on the remote system via ssh,
-mercurial-server is run. It parses the command line the user asked for, and
-interprets and runs the corresponding hg operation itself if access is
-allowed, so users can only read and add to history within repositories;
-they cannot run any other hg command. In addition, every push and pull is
-logged with a datestamp, changeset ID and the key that performed the
-operation.
-
-However, while the first paragraph holds no matter what bugs
-mercurial-server contains, the second depends on the relevant code being
-correct; though the entire codebase is short, mercurial-server is a fairly
-new program and may harbour bugs. Backups are essential!
mercurial-server