
Re: auth allowing access to logs only?

From: Ben Collins-Sussman <sussman_at_red-bean.com>
Date: 2007-02-04 18:22:14 CET

Hi Tom,

My gut tells me that this is a pretty unusual use-case; we've designed
svn's security just around 'read' and 'write' concepts, and 'being
able to see history' falls clearly into the 'read' case in our model.

In fact, we've bent over backwards to make sure that if a revision
affects paths that are unreadable (to the user running 'svn log'),
then the log info is *not* displayed. The assumption is that log
messages are generally at least as sensitive as the code itself. Log
messages can still give away exactly what people are doing, what
sub-tasks they're working on, and even how they're implementing
things. (Note that the revision itself still shows up in the history,
just without any log message displayed.)

So, while I am not the entire subversion developer community, my
estimated guess here is that we wouldn't want to complexify our
security model to distinguish between "code reads" vs. "log reads".
It makes an already-complicated system even more so, and it seems
like a bit of an esoteric feature to have to maintain.

On 1/31/07, Tom Ketola <tom@mail.solidstatenetworks.com> wrote:
> We are in the process of setting up Jira here at the office, and it seems to integrate nicely with subversion. The only issue we are running into is that we have certain repositories that only a couple developers have access to, and we need to keep it setup this way. Jira can integrate well with subversion's logging, but I don't want to expose an account that can actually get a copy of the code from these repositories. Is there a way to set up an account that only has access to the log messages from subversion (we are using an apache server w/ subversion)? I was thinking of something along the lines of being able to give an account or group r, w, rw, or l access, and if it has access to l, it cannot get code, but can get the history on a file. From what I've looked at, it doesn't look like there is anything along these lines currently, but if I develop something along these lines, would it be possible to get the code merged into the mainline? And if I do develop this code, do I need to look at anything other than the mod_authz_svn code? Thanks.
> Tom Ketola
> Solid State Networks
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Sun Feb 4 18:23:35 2007

This is an archived mail posted to the Subversion Dev mailing list.