[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: How do SVNPath and SVNParentPath for mod_authz_svn determine the repository name

From: Sunjammer <sunjammer_at_gmail.com>
Date: 2005-09-18 03:30:04 CEST

David Anderson wrote:
> Sunjammer wrote:
>
>> Thoughts?
>
>
> I reported this bug on the May 26th in Apache-httpd's bugzilla, under
> the mod_dav section:
> http://issues.apache.org/bugzilla/show_bug.cgi?id=35077
>
> Unfortunately, in hindsight of what I've learned of Apache and svn
> since, mod_dav is not really to blame. It seems the LocationMatch
> problem runs deeper, in the behaviour of the directive itself.
>
> If someone has the time and sufficient knowledge of apache-httpd,
> getting to the root of this problem and posting a bug report targetted
> at the right element of the httpd would be really nice.
>
>> I'm expecting someone to say don't allow LocationMatch. This would
>> prevent me being able to use mod_authz_svn to secure the ViewCVS
>> browse interface by URL and yet still be able to have the top level
>> list of repositories unprotected (and therefore free of the curse of a
>> realm username/password challenge dialog).
>
>
> I won't. See my bug report. I was trying to set up a LocationMatch so
> that /svn followed by /[a-z]+ (using a lookahead assertion) would be
> passed to mod_dav_svn. This would have enabled querying /svn/index.html
> and other files with no further hassle, facilitating the construction of
> a repository listing with a logical URI pattern (foo.com/svn lists
> repositories, foo.com/svn/bar is repository bar). But because of the way
> LocationMatch behaves, I got stuck mostly as you did.
>
>> Of course then someone will say that I shouldn't be using
>> mod_authz_svn to secure anything but what it was intended to secure,
>> i.e. the URL space reserved for SVN repository addressing and *not* my
>> ViewCVS URL space. To that I can only say "fair cop guvnor" - although
>> mod_authz_svn is damn useful the way I'm abusing it :)
>
>
> As long as it works the way you abuse it, where is the problem? The
> problem here is not with svn imho, but rather with the way apache-httpd
> treats LocationMatch and subsystems invoked on a LocationMatch.
>
> Any opinions by more apache-savvy people on this + my aging bugreport?

It works fine for my purposes though I dislike using a modified version
of subversion in production.

I'll look into this issue further and post back here. Thanks for the
excellent bug report, spot on.

Ximon

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sun Sep 18 03:30:59 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.