[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Fwd: 1.2 features: svn ls

From: Peter N. Lundblad <peter_at_famlundblad.se>
Date: 2005-03-09 16:16:16 CET

On Wed, 9 Mar 2005, Molle Bestefich wrote:

> Marcus Rueckert wrote:
> > or maybe some svn hosting service like wush.net?
> > just because i have my repos there i dont need to know about their other
> > customers.
>
> Again, hiding stuff from particular users or groups is a common part
> of many (most?) filesystem security mechanisms. I believe that if
> wush.net offers svn hosting, they should have a authentication system
> in place, and not rely on the idea that people probably won't be able
> to guess what the other repositories they host are named.
>
> Besides, if you base your security on the notion that others can't
> guess the name of your repository, you're also kind of lending
> yourself to brute-force guessing, are you not?
>
I aggree completely. I don't understand this security by obscurity
argument at all. If we added such a feature we could make it configurable
or add authentication to it.

Like Karl, I really doubt this could go into 1.2. Especially since there
is a reasonably simple work-around, use some CGI script for browsing
available repositories. Over HTTP, use it in a web browser aned paste the
URLs.

Regards,
//Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Mar 9 16:14:31 2005

This is an archived mail posted to the Subversion Dev mailing list.