Garrett Rooney wrote:
> On 11/16/05, Julian Foad <julianfoad@btopenworld.com> wrote:
[...]
>>>The authz support bungles the case
>>>of a directory copied from a location you aren't allowed to see, it
>>>needs to recurse into the directory adding its contents, since you
>>>can't expect the caller to have access to the contents.
>>
>>Er... I don't know about this stuff either, but it strikes me that if the
>>caller is not authorised to see data in a particular area then you should not
>>send that data to the caller. (Perhaps abort if you discover that is the
>>case.) Maybe I'm completely misunderstanding, in which case ignore me.
[...]
> Clearly, if a file is copied from the private section to the public
> one people are now allowed to see the file's contents, as of the
> revision that it's copied. [... so you have to send full text ...]
Duh! Thanks for the explanation. (And for the answers I've snipped.)
> Ironically, this logic will probably prove useful for implementing the
> "replay only a particular subtree" kind of thing [...]
Cool.
- Julian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Nov 17 01:27:22 2005