[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: DAV activity hijacking?

From: Artem Egorkine <arteme_at_gmail.com>
Date: 2006-06-22 11:17:04 CEST

To clarify, here is my point once again:

If a user was successfuly able to issue an MKACTIVITY request - he has
been verified to have global write access to the repsitory. It is
therefore not neccesary to check for global write access on subsequent
MERGE or DELETE requests.

That is of course if we can be sure that no other user can guess or
snoop the uuid of the activity and either on purpose or by accident
isue MERGE or DELETE on it.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jun 22 11:18:18 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.