From: Ben Collins-Sussman [mailto:sussman@collab.net]
> "pivotgrind" <pivotgrind@hotmail.com> writes:
[...]
> > Authorization
> > By authorization, we mean answering the question:
> >
> > "Is user X allowed to perform action Y on data Z?"
> >
> > The Subversion filesystem provides a single interface for
> answering this
> > question.
>
> Sorry, that part of the design doc is waaaaay old. We use apache to
> do authentication, but *authorization* is a different story.
>
> For now, you need to use apache's <Location> directives (in
> httpd.conf) to restrict what certain users can and cannot do in the
> repository. You can also use pre-commit hook scripts to do the same,
> with much finer granularity. But this all has to be done in a
> home-made way.
Question from a lurker (who hasn't installed Subversion)
Given the above statement about authorization, can you use .htaccess files
checked into the repository to control access since .htaccess files can
contain directives?
>
> Someday after 1.0, we're thinking about putting real ACLs into the
> repository filesystem, provided our heads don't explode while thinking
> about it.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jun 26 22:38:00 2002