Re: [PATCH] svnserve per-user read/write access control

From: Atanas Raykov <nasko_at_unixsol.org>
Date: 2004-09-04 22:59:14 CEST

>An example svnserve.conf might look like this:
>
> [general]
> # Default to read access for both authenticated and unauthenticated
> # users.
> anon-access = read
> auth-access = read
> password-db = /svn/conf/global-passwd
>
> [auth]
> # Let athomas have write access to the repository.
> athomas = write
> # Deny gchristian access to the repository.
> gchristian = none
>
>
Just a quick thought here. It's pretty neat to have such a feature, but
I have some security issues. If somehow somebody is able to steal
svnserve.conf, he'll see only the server configuration and the location
of password-db, but won't see any username or password. With this patch,
he'll be able to see a username and try to access the repository by
guessing its password (we're talking about the case anon-access = none
and auth-access = write). Is it possible to move the [auth] part into the
password-db file?

Received on Sat Sep 4 20:57:25 2004

This is an archived mail posted to the Subversion Dev mailing list.