[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: working copy is web-accessible, .svn/auth/* retrievable

From: Colin Watson <cjwatson_at_flatline.org.uk>
Date: 2003-01-07 18:41:33 CET

On Tue, Jan 07, 2003 at 05:20:37PM +0100, Branko ??ibej wrote:
> Alexis Huxley wrote:
> >Can anybody suggest any other options? Thanks!
>
> Run Apache as a different user; the .svn/auth directory is readable only
> by the owner, so all you have to do is make sure that the user Apache is
> running as is not the owner of the working copy files.

My chief concern is that .svn/entries, .svn/text-base, and so on are
world-readable. While these aren't all authentication data, some of them
are certainly things I don't necessarily want to export via HTTP.

If I 'chmod 700 .svn' from a Makefile, will anything in the svn client
chmod it back?

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 7 18:42:24 2003

This is an archived mail posted to the Subversion Dev mailing list.