Alexis Huxley wrote:
>Hi
>
>A Subversion and/or Apache problem:
>
>I've got my homepage stored in Subversion; that is I run:
>
> svn co http://blah.blah/svn/homepage ~/public_html
>
>For various reasons I don't want to 'make install' my homepage to
>~/public_html from somewhere else, and of course I don't want to
>remove the .svn's either.
>
>The problem is that I can retrieve .svn/auth/{username,password}
>through a web browser so anybody could get me password. (Don't bother
>trying now ;-) they're not there.)
>
>I'm can see that this isn't strictly a purely Subversion question,
>but I trawled the apache docs looking for how to use .htaccess to
>control access to subdirectories of a directory rather than the
>directory itself, but no luck.
>
>I'm wondering what my options are.
>
Have you tried this? You can put it in the global config file, but it'll
be specific to your home directory:
<Directory /home/ahuxley>
<Files .svn>
Order deny, allow
Deny from all
</Files>
<Directory>
[snip]
>Can anybody suggest any other options? Thanks!
>
>
Run Apache as a different user; the .svn/auth directory is readable only
by the owner, so all you have to do is make sure that the user Apache is
running as is not the owner of the working copy files.
--
Brane Čibej <brane_at_xbc.nu> http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 7 17:23:37 2003