Re: DAV activity hijacking?

From: Artem Egorkine <arteme_at_gmail.com>
Date: 2006-06-22 11:17:04 CEST

To clarify, here is my point once again:

If a user was successfuly able to issue an MKACTIVITY request - he has
been verified to have global write access to the repsitory. It is
therefore not neccesary to check for global write access on subsequent
MERGE or DELETE requests.

That is of course if we can be sure that no other user can guess or
snoop the uuid of the activity and either on purpose or by accident
isue MERGE or DELETE on it.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jun 22 11:18:18 2006

This message: [ Message body ]
Next message: Kamesh Jayachandran: "Re: svn commit: r20191 - trunk/subversion/tests/cmdline"
Previous message: Kobayashi Noritada: "Re: [PATCH] Add some RDoc comments to the SWIG/Ruby bindings, part 1"
In reply to: Artem Egorkine: "DAV activity hijacking?"
Next in thread: Malcolm Rowe: "Re: DAV activity hijacking?"
Reply: Malcolm Rowe: "Re: DAV activity hijacking?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]