Greg Hudson wrote:
> On Tue, 2003-10-28 at 15:20, Garrett Rooney wrote:
>
>>If I read your proposal correctly, there's
>>no way to tell the daemon mode server to be read only, while the
>>tunneled svnserve is read-write.
>
>
> Tunneled users are authenticated (using EXTERNAL), so setting
> anon-access=read and auth-access=write would accomplish this.
But in that case if you authenticate to the daemon mode server (via
CRAM-MD5 or something), you would still be able to write to the
repository via that server...
I suppose this isn't that big a deal, since if you're allowing read
access via the daemon, you probably aren't all that concerned about
sending data over the wire unencrypted, but I could envision scenarios
where it would matter, say if there were sections of the repository that
do require authentication for read access. It would be nice to have a
way to limit those to svn+ssh to ensure that sensitive data never goes
over the wire in the clear.
-garrett
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Oct 28 21:28:48 2003