[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SV: Accessing different revs via Apache?

From: Karl Fogel <kfogel_at_newton.ch.collab.net>
Date: 2002-10-10 19:00:16 CEST

Noel Yap <yap_noel@yahoo.com> writes:
> The problem with relying on Apache authorization
> (rather than authentication) is that it allows
> circumvention by different client implementations (eg
> local) and it has no knowledge of the possible
> operations that need to be controlled. The beauty of
> CVS permissioning was that it was done through the
> file system making it less subvertible by anything (if
> the notion of tags and branches were implemented
> through the file system rather than internally through
> RCS files, permissioning of these items would've come
> for free).

The *only* thing really protecting the data from local access is the
OS filesystem permissions.

With Subversion-level access control, You can protect friendly local
clients from accidentally doing things they shouldn't do. There is
nothing you can do against someone with local access who wants to
commit, except make sure the repository is not writeable by that OS
user.

After all, a really desperate person can always bring the Berkeley DB
files into vi and edit them :-). Unless they don't have write perms.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 10 19:27:59 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.