[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] svnserve per-user read/write access control

From: Max Bowsher <maxb_at_ukf.net>
Date: 2004-09-04 21:06:49 CEST

Atanas Raykov wrote:
>> An example svnserve.conf might look like this:
>>
>> [general]
>> # Default to read access for both authenticated and unauthenticated
>> # users.
>> anon-access = read
>> auth-access = read
>> password-db = /svn/conf/global-passwd
>>
>> [auth]
>> # Let athomas have write access to the repository.
>> athomas = write
>> # Deny gchristian access to the repository.
>> gchristian = none
>>
>>
> Just a quick thought here. It's pretty neat to have such a feature, but
> I have some security issues. If somehow, somebody is able to steal
> svnserve.conf, he'll see only the server configuration and the location
> on password-db, but won't see any username or password. With this patch,
> he'll be able to see an username and try to access the repository by
> guessing it's password (we're talking about the case anon-access = none
> and auth-access = write). Is it possible to move the [auth] part in the
> password-db file?

BAD IDEA.

The password-db contains highly sensitive info. (passwords)

However, admins may want to edit the auth config, which is far less
sensitive, on a terminal where they cannot be 100% sure no one is looking
over their shoulder.

However, I think we should be putting serious effort into re-using the
mod_authz_svn access file format.

Make *that* a seperate file.

Max.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Sep 4 21:07:14 2004

This is an archived mail posted to the Subversion Dev mailing list.