On Wed, 9 Mar 2005, Molle Bestefich wrote:
> Marcus Rueckert wrote:
> > or maybe some svn hosting service like wush.net?
> > just because I have my repos there I don't need to know about their other
> > customers.
>
> Again, hiding stuff from particular users or groups is a common part
> of many (most?) filesystem security mechanisms. I believe that if
> wush.net offers svn hosting, they should have an authentication system
> in place, and not rely on the idea that people probably won't be able
> to guess what the other repositories they host are named.
>
> Besides, if you base your security on the notion that others can't
> guess the name of your repository, you're also kind of lending
> yourself to brute-force guessing, are you not?
>
I agree completely. I don't understand this security by obscurity
argument at all. If we added such a feature we could make it configurable
or add authentication to it.

Like Karl, I really doubt this could go into 1.2. Especially since there
is a reasonably simple work-around: use some CGI script for browsing
available repositories. Over HTTP, use it in a web browser and paste the
URLs.

Regards,
//Peter
Received on Wed Mar 9 16:14:31 2005