Re: API change to handle incomplete authorization

From: <kfogel_at_collab.net>
Date: 2003-10-28 22:25:15 CET

There was an innacuracy in the mail I just sent:

The path name leak will continue to exist in various forms. You can
see the changed paths in 'svn log', for example. And you can use 'svn
ls' to browse around -- it will show you file names even when you
don't have authorization to read their contents. Basically, unless
something is protected by at least one level of unreadable
directories, its name can still leak.

So the new "<incomplete/>" flag isn't so much about plugging the leak,
as about making working copies still work even when only partially
authorized.

Sorry. We were actually aware of this before I sent the mail, I just
forgot to adjust already-written text to reflect the new knowledge.

-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Oct 28 23:04:40 2003

This message: [ Message body ]
Next message: Philip Martin: "Re: svn commit: rev 7525 - trunk/tools/client-side"
Previous message: Philip Martin: "Re: Merge error (Failed to read tmp.tmp file)"
In reply to: kfogel_at_collab.net: "API change to handle incomplete authorization"
Next in thread: Sander Striker: "RE: API change to handle incomplete authorization"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]