[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

unsafe authorisation hack?

From: temp temp <temp_at_scue.co.uk>
Date: 2007-04-02 15:03:39 CEST

I'm currently trying to add a little bit of authorisation to one of my
repositories that is served by apache. I found that using the normal
svn authorisation mechanism made retrieving log messages too slow to
be usable.

I then tried a basic system of limiting access to certain Locations
(and dav commands):

<Location /svn/web/live/>
    RequireGroup blah
</Location>

This worked pretty well. Unfortunately it still allows users to drag
folders around within the repo-browser (I'm trying to avoid people
accidentally moving important folders).

I'm now using the LocationMatch tag directly on the !svn locations
(LocationMatch is required to regex match the unknown version number):

<LocationMatch "/2ndbyte/!svn/ver/[^/]*/web/live.*">
    RequireGroup blah
</LocationMatch>

My question is basically - is this safe? I'm no apache/svn expert so I
don't really understand the risks. Obviously it's much harder to get
the rules correct this way (as it's pretty cumbersome). Mostly I'm
worried that this might allow part of a commit to complete but then
fail too late in the process to roll back.

Also, does anyone have any idea of what the performance impact of this
solution is?

Aidan.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Apr 2 15:04:21 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.