[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: repository security (Was: Accessing different revs via Apache?)

From: Noel Yap <yap_noel_at_yahoo.com>
Date: 2002-10-10 20:24:51 CEST

--- Karl Fogel <kfogel@newton.ch.collab.net> wrote:
> The *only* thing really protecting the data from
> local access is the
> OS filesystem permissions.

This is a very good point.

> With Subversion-level access control, You can
> protect friendly local
> clients from accidentally doing things they
> shouldn't do. There is
> nothing you can do against someone with local access
> who wants to
> commit, except make sure the repository is not
> writeable by that OS
> user.

Right. I suppose it would be possible to create a
client/server pair that acted the way CVS does (eg
using a remote shell of some sort) -- not that I would
be the one to write such a thing :-). If one were
possible, would the repo permissions be
all-or-nothing, or could some user/group have
read-only priveleges and others read/write priveleges
all set via file permissions?

> After all, a really desperate person can always
> bring the Berkeley DB
> files into vi and edit them :-). Unless they don't
> have write perms.

If the above were possible then one could secure the
repository although if they wanted to open it up via
DAV, they would have to contend with its security
issues.

Noel

__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 10 20:25:30 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.