Re: enhanced tsvn: protocol

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Wed, 10 Jun 2009 17:58:19 +0200

Hans-Emil Skogh wrote:
>>>> Now I saw this checkout link feature and thought about an enhanced
>>>> version:
>>>> Add an extra command "link" to TortoiseProc.exe, which takes an "/url"
>>>> as an option.
>>> I think it's a great idea!
>>> Mostly I miss being able to access the log dialog and ideally to be able
>>> to show the diff of two files.
>> And here's exactly the problem: where would this end?
>
>
>
> It is a good question. And exactly because of that I think that the
> proposal was kind of nice: It is limited in scope by (more or less)
> saying that web-links should be able to open the dialogs in TSVN that
> you can open from the command line. Not an unreasonable scope bloat if
> you ask me.
>
>
>
>> I'm not comfortable at all exposing TSVN to the web like this.
>
> So what would you say are the risks? I would say that the biggest risk
> would be the possibility to find and exploit any weaknesses in how TSVN
> parses the URL (or their arguments) to create a security hole. But since
> we already have a web integration that risk is already present.
> I definately understand you concerns. But I think that the gains
> probably would outweight the risks here. We would not create a whole new
> vector of attack here, only modify (and, admittedly, expand) one that is
> already present.
> But maybe I'm missing something crucial here...
>
>> If you really want such features, it would be much better if you set up
>> something on the server. For example, you could install Trac which
>> appears to be a popular choice for this.
> Yes. A server side solution is absolutely an option. But it is much more
> work to set up, and in some situations it might not even be possible. To
> enable this kind of fast and easy integration between a web-application
> and TSVN would make it possible to use really light weight integration
> in almost any tool by simply providing custom urls.

http://issues.tortoisesvn.net/index.php?do=details&task_id=440

> (And btw: I have used Trac and I must confess I'm no big fan of it...
> None of the web interfaces I have tried have come close to the power and
> user friendlieness that TSVN can provide to a developer.)

I agree, I never liked the UI of Trac either.

Stefan

-- 
       ___
  oo  // \\      "De Chelonian Mobile"
 (_,\/ \_/ \     TortoiseSVN
   \ \_/_\_/>    The coolest Interface to (Sub)Version Control
   /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=2360974
To unsubscribe from this discussion, e-mail: [dev-unsubscribe_at_tortoisesvn.tigris.org].

application/pgp-signature attachment: OpenPGP digital signature

Received on 2009-06-10 17:58:27 CEST

This message: [ Message body ]
Next message: Stefan Küng: "Re: Severe merge problem with Tortoise 1.5.x"
Previous message: Robert Dailey: "Re: New idea for the checkout process"
In reply to: Hans-Emil Skogh: "Re: enhanced tsvn: protocol"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]