[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Limiting access to only commit messages

From: David Resnick <abunetta_at_gmail.com>
Date: 2006-03-03 07:23:03 CET

Thanks for your reply! Sorry about not getting back to this for so long.

I've finally had the chance to try and check this out though I have been
unable to check, due to a problem I'm having with Apache security. I have
the following block to allow limited access to Subversion, though for
unknown reasons this allows GET methods to the /svn-test path:

<Location /svn-test>
        Satisfy all
        <LimitExcept PROPFIND>
                Require valid-user
        </LimitExcept>

        DAV svn
        SVNParentPath "E:\."

        # how to authenticate a user
        AuthType SSPI
        SSPIAuth On
        SSPIAuthoritative On
        SSPIDomain <domaincontroller>
        SSPIOfferBasic On
        SSPIOmitDomain On

</Location>

I will continue to try to get this working in order to test the ability of
limiting the Subversion access.

-David Resnick

> -----Original Message-----
> From: sussman@gmail.com [mailto:sussman@gmail.com] On Behalf Of Ben
> Collins-Sussman
> Sent: Wednesday, January 25, 2006 15:59
> To: David Resnick
> Cc: dev@subversion.tigris.org
> Subject: Re: Limiting access to only commit messages
>
> On 1/25/06, David Resnick <abunetta@gmail.com> wrote:
> > doesn't
> > describe what the connection is between Apache access methods and
> Subversion
> > actions.
>
> That's because the mapping of HTTP methods to Subversion actions is
> insanely complex. Typically several methods are required to achieve a
> single subversion action. You can see a description here, though it's
> only a very high-level view:
>
> http://svn.collab.net/repos/svn/trunk/subversion/libsvn_ra_dav/protocol
>
> From the user's standpoint, then, the only things that exist are
>
> * blanket read/write control using apache <Limit> or <LimitExcept>
> directives
> * per-path read/write control using mod_authz_svn
>
> You can *try* telling apache to allow nothing but PROPFIND requests,
> and that *might* do what you want, but I'm skeptical it will work.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Mar 3 07:22:49 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.