Re: merge tracking: rejecting commits from svn clients < 1.5

From: John Peacock <jpeacock_at_rowman.com>
Date: 2007-02-13 02:04:57 CET

Blair Zajac wrote:
> With mod_dav_svn, I guess we can get the client version string and use
> that? Would the easy way be to reject commits at the Apache level and
> parse the client's name?
>
> But what about file:/// or svn:// access?

file:/// access is, pretty much by default, not something that you would want to
allow any sort of public access. svn:// is only slightly better, from a
security standpoint. I don't think it is *too* much of a loss if we only
provided a way to block back-rev'd client access under Apache.

My 2 cents...

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Blvd
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Tue Feb 13 02:10:57 2007

This message: [ Message body ]
Next message: Daniel Rall: "Re: merge tracking: rejecting commits from svn clients < 1.5"
Previous message: Blair Zajac: "merge tracking: rejecting commits from svn clients < 1.5"
In reply to: Blair Zajac: "merge tracking: rejecting commits from svn clients < 1.5"
Next in thread: Daniel Rall: "Re: merge tracking: rejecting commits from svn clients < 1.5"
Reply: Daniel Rall: "Re: merge tracking: rejecting commits from svn clients < 1.5"
Reply: Alan Barrett: "Re: merge tracking: rejecting commits from svn clients < 1.5"
Reply: Malcolm Rowe: "Re: merge tracking: rejecting commits from svn clients < 1.5"
Reply: Blair Zajac: "Re: merge tracking: rejecting commits from svn clients < 1.5"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]