On Tue, 2005-06-07 at 19:18 +0200, Sander Striker wrote:
...
>But since it is prone to tinkering (you can hack up your client to
>say 'banana' instead of 'commit' or something worse), this data can
>only possibly be used for statistics.
With the client supplying the conceptual operation, this is true for a
security-sensitive audit.
>I wonder if the conceptual operations are that important.
Most organizations and system administrators are very interested in
statistics, as they provide a measuring stick by which process or
deployment efficiency gains can be assessed.
>For auditing
>purposes you are more interested in which 'paths' a user has read from
>or written to (the latter is not strictly available in the version
>history since the write may have occurred in an aborted txn).
>Note that, in case of mod_dav_svn, with REPORT requests you don't see
>all the paths themselves in the access.log, so there is no hint what
>was really read.
It sounds like some of the conceptual operations for at least the
primarily server-side operations (e.g. not 'merge') could be inferred by
the server instead of counting on client-provided labels. This would
make the logs much more useful after a break-in or for an audit. Though
I'm not a fan of the inconsistency, would there be any serious problems
in ignoring any client-provided label for a conceptual operation which
can be inferred, and using the client-provided label for a conceptual
operation which cannot be inferred?
Received on Tue Jun 7 19:48:46 2005