Re: 1.2 features: svn ls

On Wed, Mar 09, 2005 at 12:55:22AM +0100, Molle Bestefich wrote:
> I can recommend another "security by obscurity"-based approach, it's
> called password authentication :-)..
>
> On a more serious note, ye gods, I hope that that's not how you or
> anybody indeed secure their repositories? Haven't played with it so I
> know nothing about it, but isn't there some simple solution to your
> problem that is just remotely secure?

That's not what he said. He didn't imply that his other repositories
were not password protected. What he meant was that the user didn't
necessarily need to know they existed. This is a common situation in
many organizations.

The organization might be building a product they don't want outsiders
or even some insiders to know about yet. They might be a government
agency working on projects that have classification issues. Or maybe
it's just a personal repository with things in it that nobody else needs
to know exists...

That said I don't see this as a particularly valid reason to not permit
repository directories. But I do think it's not an especially easy
service to provide as others have pointed out. There has been some work
to support something like this with http but that's really the only
place it makes a lot of sense.

-- 
Ben Reser <ben@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org