commands: explain that "hg serve" does not do authentication stable
authorMartin Geisler <mg@lazybytes.net>
Fri, 07 May 2010 17:03:31 +0200
branchstable
changeset 11103 d29bd98ebff6
parent 11102 275198bc904a
child 11104 9fa028431957
child 11123 8dd69bee71da
child 11157 825db62a6f72
commands: explain that "hg serve" does not do authentication
mercurial/commands.py
--- a/mercurial/commands.py	Fri May 07 17:01:14 2010 +0200
+++ b/mercurial/commands.py	Fri May 07 17:03:31 2010 +0200
@@ -2882,6 +2882,12 @@
     recommended to use a real web server to serve a repository for
     longer periods of time.
 
+    Please note that the server does not implement access control.
+    This means that, by default, anybody can read from the server and
+    nobody can write to it by default. Set the ``web.allow_push``
+    option to ``*`` to allow everybody to push to the server. You
+    should use a real web server if you need to authenticate users.
+
     By default, the server logs accesses to stdout and errors to
     stderr. Use the -A/--accesslog and -E/--errorlog options to log to
     files.