
minor information leak in the svnserve authz code

From: Marcus Rueckert <darix_at_web.de>
Date: 2005-12-27 05:25:30 CET

hi,

steps to reproduce:

[[[
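cd /tmp
svnadmin create foo
cd foo/conf
# uncomment the settings in the template svnserve.conf
perl -p -i -e 's|^# ||g' svnserve.conf
# add a rule that refers to the undefined group @active
echo -e "[/]\n* = r\n@active = rw" >> authz
# listen on the port used in the URL below (svnserve defaults to 3690)
svnserve -d -r /tmp/foo --listen-port 3691
svn ls svn://localhost:3691/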
]]]

the message you get is:
[[[
svn: An authz rule refers to group '@active', which is undefined
]]]

do we really want to pass this information to the client?
i always thought this should be only server side.
i see the problems with the missing logging. but i don't think the error
should be passed to the client.

darix

Received on Tue Dec 27 05:26:18 2005
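
An added example, not part of the original mail and not Subversion's own code: one way to keep the authz detail server-side, by logging the precise fault for the administrator and returning only a generic string to the client. The names undefined_groups, client_error_for and the text "Authorization failed" are assumptions made for this sketch; the broken sample is the rule set from the reproduction steps above.

```python
import configparser
import logging

log = logging.getLogger("authz-example")        # server-side log only
GENERIC_CLIENT_ERROR = "Authorization failed"   # hypothetical client-facing text

# Constructed samples: the first is the rule set from the report above.
BROKEN_AUTHZ = "[/]\n* = r\n@active = rw\n"
VALID_AUTHZ = "[groups]\nactive = alice, bob\n\n[/]\n* = r\n@active = rw\n"


def undefined_groups(authz_text):
    """Return sorted group names used in path rules but missing from [groups]."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str                        # keep names exactly as written
    cp.read_string(authz_text)
    defined = set(cp["groups"]) if cp.has_section("groups") else set()
    missing = set()
    for section in cp.sections():
        if section == "groups":
            continue
        for principal in cp[section]:           # e.g. "*", "alice", "@active"
            if principal.startswith("@") and principal[1:] not in defined:
                missing.add(principal[1:])
    return sorted(missing)


def client_error_for(authz_text):
    """Log the precise fault for the admin; return only generic text for the wire."""
    missing = undefined_groups(authz_text)
    for group in missing:
        log.error("An authz rule refers to group '@%s', which is undefined", group)
    return GENERIC_CLIENT_ERROR if missing else None


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    print("client sees:", client_error_for(BROKEN_AUTHZ))
    print("client sees:", client_error_for(VALID_AUTHZ))
```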

This is an archived mail posted to the Subversion Dev mailing list.