[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: merge tracking: rejecting commits from svn clients < 1.5

From: John Peacock <jpeacock_at_rowman.com>
Date: 2007-02-13 02:04:57 CET

Blair Zajac wrote:
> With mod_dav_svn, I guess we can get the client version string and use
> that? Would the easy way be to reject commits at the Apache level and
> parse the client's name?
>
> But what about file:/// or svn:// access?

file:/// access is, pretty much by default, not something that you would want to
allow any sort of public access. svn:// is only slightly better, from a
security standpoint. I don't think it is *too* much of a loss if we only
provided a way to block back-rev'd client access under Apache.

My 2 cents...

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Blvd
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Feb 13 02:10:57 2007

This is an archived mail posted to the Subversion Dev mailing list.