From ac7e9a61460554aa0183c677bb15d1f473519f55 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 07 Dec 2012 08:24:43 -0500
Subject: [PATCH] Harden metrics from polluted data (issue-176)

---
 distrib/gitblit.properties |   90 ++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 88 insertions(+), 2 deletions(-)

diff --git a/distrib/gitblit.properties b/distrib/gitblit.properties
index 411699f..ce269d2 100644
--- a/distrib/gitblit.properties
+++ b/distrib/gitblit.properties
@@ -69,6 +69,28 @@
 # SINCE 0.5.0
 git.enableGitServlet = true
 
+# If you want to restrict all git servlet access to those with valid X509 client
+# certificates then set this value to true.
+#
+# SINCE 1.2.0
+git.requiresClientCertificate = false
+
+# Enforce date checks on client certificates to ensure that they are not being
+# used prematurely and that they have not expired.
+#
+# SINCE 1.2.0
+git.enforceCertificateValidity = true
+
+# List of OIDs to extract from a client certificate DN to map a certificate to
+# an account username.
+#
+# e.g. git.certificateUsernameOIDs = CN
+# e.g. git.certificateUsernameOIDs = FirstName LastName
+#
+# SPACE-DELIMITED
+# SINCE 1.2.0
+git.certificateUsernameOIDs = CN
+
 # Only serve/display bare repositories.
 # If there are non-bare repositories in git.repositoriesFolder and this setting
 # is true, they will be excluded from the ui. 
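Review bot: The comment on `git.certificateUsernameOIDs` does not say what happens when a listed DN field is absent from the certificate or when the extracted value matches no account. Because the extracted value selects the account, whoever issues client certificates effectively decides which user a certificate maps to, so I would add `# The issuing CA must be trusted to control these DN fields; the extracted value selects the account.` above the SPACE-DELIMITED line. The `git.enforceCertificateValidity` comment should state that `false` accepts expired and not-yet-valid certificates and that only dates are checked; revocation is not mentioned here and may be handled elsewhere. `git.requiresClientCertificate` here and `server.requireClientCertificates` in the last hunk differ in spelling ("requires" vs "require"), and neither comment explains how the two settings interact.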
@@ -460,6 +482,19 @@
 # SINCE 0.5.0   
 web.allowZipDownloads = true
 
+# If *web.allowZipDownloads=true* the following formats will be displayed for
+# download compressed archive links:
+#
+# zip   = standard .zip
+# tar   = standard tar format (preserves *nix permissions and symlinks)
+# gz    = gz-compressed tar
+# xz    = xz-compressed tar
+# bzip2 = bzip2-compressed tar
+#
+# SPACE-DELIMITED
+# SINCE 1.2.0
+web.compressedDownloads = zip gz
+
 # Allow optional Lucene integration. Lucene indexing is an opt-in feature.
 # A repository may specify branches to index with Lucene instead of using Git
 # commit traversal. There are scenarios where you may want to completely disable
@@ -469,12 +504,31 @@
 # SINCE 0.9.0
 web.allowLuceneIndexing = true
 
+# Allows an authenticated user to create forks of a repository
+#
+# set this to false if you want to disable all fork controls on the web site
+#
+web.allowForking = true
+
+# Controls the length of shortened commit hash ids
+#
+# SINCE 1.2.0
+web.shortCommitIdLength = 6
+
 # Use Clippy (Flash solution) to provide a copy-to-clipboard button.
 # If false, a button with a more primitive JavaScript-based prompt box will
 # offer a 3-step (click, ctrl+c, enter) copy-to-clipboard alternative.
 #
 # SINCE 0.8.0
 web.allowFlashCopyToClipboard = true
+
+# Default maximum number of commits that a repository may contribute to the
+# activity page, regardless of the selected duration.  This setting may be valuable
+# for an extremely busy server.  This value may also be configed per-repository
+# in Edit Repository. 0 disables this throttle.
+#
+# SINCE 1.2.0
+web.maxActivityCommits = 0
 
 # Default number of entries to include in RSS Syndication links
 #
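Review bot: `web.allowForking` is the only setting added in this hunk without a `# SINCE` line, while `web.shortCommitIdLength` and `web.maxActivityCommits` both carry `# SINCE 1.2.0`; add the matching tag (presumably `# SINCE 1.2.0`) after its trailing `#`. The `web.shortCommitIdLength` comment gives no valid range, so a line such as `# Shorter ids are more likely to be ambiguous in large repositories.` would help anyone lowering it below 6. In the `web.maxActivityCommits` comment, "configed" should read "configured".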
@@ -679,7 +733,7 @@
 #
 # SPACE-DELIMITED
 # SINCE 0.5.0
-web.prettyPrintExtensions = c cpp cs css htm html java js php pl prefs properties py rb sh sql xml vb
+web.prettyPrintExtensions = c cpp cs css frm groovy htm html java js php pl prefs properties py rb scala sh sql xml vb
 
 # Registered extensions for markdown transformation
 #
@@ -1101,17 +1155,49 @@
 # RESTART REQUIRED
 server.ajpBindInterface = localhost
 
+# Alias of certificate to use for https/SSL serving.  If blank the first
+# certificate found in the keystore will be used. 
+#
+# SINCE 1.2.0
+# RESTART REQUIRED
+server.certificateAlias = localhost
+
 # Password for SSL keystore.
 # Keystore password and certificate password must match.
 # This is provided for convenience, its probably more secure to set this value
 # using the --storePassword command line parameter.
 #
+# If you are using the official JRE or JDK from Oracle you may not have the
+# JCE Unlimited Strength Jurisdiction Policy files bundled with your JVM.  Because
+# of this, your store/key password can not exceed 7 characters.  If you require
+# longer passwords you may need to install the JCE Unlimited Strength Jurisdiction
+# Policy files from Oracle.
+#
+# http://www.oracle.com/technetwork/java/javase/downloads/index.html
+#
+# Gitblit and the Gitblit Certificate Authority will both indicate if Unlimited
+# Strength encryption is available.
+#
 # SINCE 0.5.0
 # RESTART REQUIRED
 server.storePassword = gitblit
+
+# If serving over https (recommended) you might consider requiring clients to
+# authenticate with ssl certificates.  If enabled, only https clients with the
+# a valid client certificate will be able to access Gitblit.
+#
+# If disabled, client certificate authentication is optional and will be tried
+# first before falling-back to form authentication or basic authentication.
+#
+# Requiring client certificates to access any of Gitblit may be too extreme,
+# consider this carefully.
+#
+# SINCE 1.2.0
+# RESTART REQUIRED
+server.requireClientCertificates = false
 
 # Port for shutdown monitor to listen on.
 #
 # SINCE 0.5.0
 # RESTART REQUIRED
-server.shutdownPort = 8081
\ No newline at end of file
+server.shutdownPort = 8081
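Review bot: The new paragraph under `server.storePassword` explains the 7-character limit but says nothing about the shipped default `gitblit` being publicly known, and read alone it nudges admins toward short passwords. I would add `# Change this default before enabling https; the shipped value is public.` and keep the existing pointer to `--storePassword`. The Oracle download link is plain `http://`; since policy files are security-sensitive, an `https://` link is preferable if the site serves one. `server.certificateAlias` defaults to `localhost` while its comment only describes the blank case, so state what happens when the alias is not found in the keystore. In the `server.requireClientCertificates` comment, "with the a valid" should read "with a valid".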

--
Gitblit v1.9.1