[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: It this possible: disabling directory listings?

From: Pekka Niiranen <pekka.niiranen_at_wlanmail.com>
Date: 2007-01-18 08:17:27 CET

Matt Sickler wrote:
> the best answer is probably:
> You cant. At least not reliably.
> Security through obscurity = no security.

Security through obscurity = no security?
True. But more clients allowed => more documentation
needed (browse settings) + more buggy software to worry about.

>
> Besides, anyone can use the svn client to ls the directory anyway.
>
> On 1/17/07, *Andy Levy* <andy.levy@gmail.com
> <mailto:andy.levy@gmail.com>> wrote:
>
> On 1/17/07, Pekka Niiranen <pekka.niiranen@wlanmail.com
> <mailto:pekka.niiranen@wlanmail.com>> wrote:
> > Hi,
> >
> > I am using Apache and SSL with subversion database.
> > Users are asked to provide username + password both
> > when accessing repository thru DOS command line (svn update)
> > and when pointing their browsers to
> > https://<server name>/<subversion directory>.
> >
> > But how can I disable directory listings thru WWW -page?
> >
> > I would like the users to be able to access files ONLY
> > thru commands from DOS prompt.
>
> Write a rule in Apache denying access to User-Agents which match a
> pattern that catches "most" web browsers? Or, only allowing access to
> the User-Agent reported by Subversion clients?
>
> My command-line client reports a User-Agent of: SVN/1.4.0 (r21228)
> neon/0.26.1
>
> TortoiseSVN reports SVN/1.4.2 (r22196) neon/0.26.2
>
> Can't speak for other clients, but I think if you only allow
> User-Agents starting with SVN/ you'll lock out web browsers. Until
> someone figures out they can change their UA in their browser, anyway.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> <mailto:users-unsubscribe@subversion.tigris.org>
> For additional commands, e-mail: users-help@subversion.tigris.org
> <mailto:users-help@subversion.tigris.org>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jan 18 08:16:13 2007

This is an archived mail posted to the Subversion Users mailing list.