[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Should authz return errors? (Was: Re: SoC: Path-based authz for Svnserve)

From: Joseph Galbraith <galb_at_vandyke.com>
Date: 2005-07-01 21:06:39 CEST

Greg Hudson wrote:
> On Fri, 2005-07-01 at 14:13 +0200, David Anderson wrote:
>
>>So, this all comes down to: should the authz API return errors when it
>>discovers a malformed ACL configuration?
>
>
> While it's probably best to have an svn_error_t * return for the
> relevant functions, I think in practice, errors should be returned when
> the authz file is read, not when authz queries are made.
>
> That means the reading code has to go to a substantial amount of extra
> work validating everything, but:
>
> * This way you'll notice immediately if you screw up your authz file,
> instead of only noticing when you try to check out or commit to some
> obscure part of your repository.
>
> * This way will produce much more graceful failure than conking out in
> the middle of an update/commit.

While I'm not sure it is possible with this particular
file format, in general silently ignoring errors when
reading data that says who is and isn't allowed to access
data seems like a really bad idea.

(Does authz support a deny directive?)

What if because of the error bad_guy_jones now has access
to data the administrator thinks he has protected... and
the error was silently ignored so the administrator has no
idea that there is a problem.

Thanks,

Joseph

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Jul 1 21:24:56 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.