[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: API change to handle incomplete authorization

From: <kfogel_at_collab.net>
Date: 2003-10-28 22:25:15 CET

There was an innacuracy in the mail I just sent:

The path name leak will continue to exist in various forms. You can
see the changed paths in 'svn log', for example. And you can use 'svn
ls' to browse around -- it will show you file names even when you
don't have authorization to read their contents. Basically, unless
something is protected by at least one level of unreadable
directories, its name can still leak.

So the new "<incomplete/>" flag isn't so much about plugging the leak,
as about making working copies still work even when only partially
authorized.

Sorry. We were actually aware of this before I sent the mail, I just
forgot to adjust already-written text to reflect the new knowledge.

-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Oct 28 23:04:40 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.