It's previously come up (see below for links) that svn log has to do a
lot of authorization checking, particularly if there happens to be a
revision in which a large number of files are touched. (This is because
the log exposes the paths of all files changed in these revisions, and
so it checks to make sure the user is authorised to see the fact that
certain files changed).
The result for me is that on one test repository (running on svn 1.2
server with fsfs backend), doing svn log takes about 3:40 over apache,
but 20s over file:// (to skip authorization).
I think that my users will care more about this log speed problem than
the log leaking a small amount of unauthorised information, so I'm
looking at turning this off.
1) Is it sufficient to disable the checking at the top of
detect_changed() in libsvn_repos? It looks like this is all that's
required. Below is a patch which I think does the right thing. It shows
massive improvements on a repository of 45k commits imported from cvs
(basically, same speed as accessing via file://).
2) Could this be a configurable feature in future versions? My feeling
is that there should be an option in repository/conf/misc like:
secure-log = false
which could enable or disable this feature on a per-repository basis.
I'd be happy to work the below patch into something with this
functionality if people would like this in subversion (it would save me
maintaining my own patched version).
Problem is described in more detail here:
2005-02-27 16:18:34.000000000 +0000
2005-06-09 13:38:59.000000000 +0100
@@ -224,6 +224,12 @@
apr_array_header_t *revs = NULL;
int count = 0;
+/* This lets us skip authorisation checking when accessing logs, which
+ cause of severe slowdown. This can leak some meta-information about
+ were modified when (though not file contents). */
+ authz_read_func = NULL;
SVN_ERR (svn_fs_youngest_rev (&head, fs, pool));
if (! SVN_IS_VALID_REVNUM (start))
To unsubscribe, e-mail: email@example.com
For additional commands, e-mail: firstname.lastname@example.org
Received on Thu Jun 9 14:43:20 2005