"Nitin Shukla" <nitinshukla@infotech.stph.net> writes:
> Apache can handle request for remote svn client. We can solve the problem
of
> Access
> Control with your approach. But how do we go about handling the local svn
> client
> requests? One approach seems to be the hook programs but currently they
are
> not
> sufficient hook programs to provide read, write control.
Nitin, are you aware that local (`ra_local') access control is
ultimately governed by OS file permissions? Even if Subversion had
ACLs, they would only be secure over ra_local with a friendly client.
Anyone could bypass the access control with a little ingenuity.
There's really no way around this problem, if the client is on the
same machine as the repository.
Indeed the access control is ultimately governed by OS file permissions. Is
there
a way of setting OS level file and folder permissions for every files and
folder
we check into the Subversion repository, say something similar to Unix style
permission. Guess, this would require an ACL system inherent to libsvn_fs.
Probably, I am asking too much and trying to figure out something
impossible.
ra_local really looks to be insecure by design. Does Subversion intend to
eliminate
this method of accessing repository in future version of subversion and
probably use
ra_svn even for local access.
Finally, when is the Subversion 1.0 or beta version intended to be released?
Nitin.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Jan 3 08:08:02 2003