Re: Restrict read-access of inside part of the repository

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2003-03-28 18:26:48 CET

Jani Averbach <jaa@cc.jyu.fi> writes:

> Is there any way to restrict read access of some directory inside of
> repository in httpd.conf? Could I use the path to inside the repository in
> the location-block in httpd.conf? Or is there some other way to do this?

The problem is that httpd.conf is only able to control authorization
on *public* urls within the subversion repository. For example, ones
like:

http://host/repos/foo/bar
http://host/repos/baz/bop/boom

But most of the http requests sent by svn clients are on opaque urls
that are interpreted internally by mod_dav_svn:

   http://host/repos/!svn/wrk/boo/bah
   http://host/repos/!svn/bc/23/foo.c
   http://host/repos/!svn/wbl/19/bar/foo.c

And it's very easy for *multiple* opaque urls to map to a single
resource. There's basically no way for httpd.conf to control
authorization on this many-to-one mapping.

So the party line has always been: "for fine grained authorization,
use hook scripts in the repository."

Unfortunately, we don't have any read-hook scripts yet. :-(

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Mar 28 18:27:46 2003

This message: [ Message body ]
Next message: Michael Price: "Re: Reducing WD Size"
Previous message: Ben Collins-Sussman: "Re: Reducing WD Size"
In reply to: Jani Averbach: "Restrict read-access of inside part of the repository"
Next in thread: Jani Averbach: "Re: Restrict read-access of inside part of the repository"
Reply: Jani Averbach: "Re: Restrict read-access of inside part of the repository"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]