Re: PATCH: FAQ update re. preventing browsing of .svn

From: André Malo <nd_at_perlig.de>
Date: 2006-02-25 13:05:30 CET

* Max Bowsher wrote:

> Greg Thomas wrote:
> > [[[
> > * www/faq.html (website-auto-update): Use a much simpler 404 error to
> > prevent browsing of the admin directory.
> > ]]]
>
> But the existing version is more accurate (403 vs. 404), and is clearly
> an access restriction, instead of being disguised as a redirect, so I
> prefer to maintain the existing version.

Well, firest it's not a redirect, it's just the directive, which only
happens to set the status code. It could be 403 as well.

Second, IMHO, the versions are equally accurate, it just depends on the
perspective. With 403 you tell via HTTP that you support these .svn/* URLs
but for whatever reason, the client is not allowed to see them. With 404
you just move those URLs away from the URL space. URL space and filesystem
don't have to match exactly. You know that of course ;-) it's just to
explain the POV.

-- 
"Solides und umfangreiches Buch"
                                          -- aus einer Rezension
<http://pub.perlig.de/books.html#apache2>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Sat Feb 25 13:06:02 2006

This message: [ Message body ]
Next message: Peter N. Lundblad: "RE: Diffs for running svnserve as a Win32 service"
Previous message: Max Bowsher: "Re: PATCH: FAQ update re. preventing browsing of .svn"
In reply to: Max Bowsher: "Re: PATCH: FAQ update re. preventing browsing of .svn"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]