Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F13180382
D15173.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
1 KB
Referenced Files
None
Subscribers
None
D15173.diff
View Options
diff --git a/src/docs/user/userguide/diffusion_hosting.diviner b/src/docs/user/userguide/diffusion_hosting.diviner
--- a/src/docs/user/userguide/diffusion_hosting.diviner
+++ b/src/docs/user/userguide/diffusion_hosting.diviner
@@ -127,8 +127,13 @@
use only anonymous HTTP, you can leave this setting disabled.
If you plan to use authenticated HTTP, you'll also need to configure a VCS
-password in {nav Settings > VCS Password}. This is a different password than
-your main Phabricator password primarily for security reasons.
+password in {nav Settings > VCS Password}.
+
+Your VCS password must be a different password than your main Phabricator
+password because VCS passwords are very easy to accidentally disclose. They are
+often stored in plaintext in world-readable files, observable in `ps` output,
+and present in command output and logs. We strongly encourage you to use SSH
+instead of HTTP to authenticate access to repositories.
Otherwise, if you've configured system accounts above, you're all set. No
additional server configuration is required to make HTTP work.
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Thu, May 9, 11:32 PM (3 w, 11 h ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6274427
Default Alt Text
D15173.diff (1 KB)
Attached To
Mode
D15173: Clarify why VCS passwords must be unique
Attached
Detach File
Event Timeline
Log In to Comment