On Mon, 12 Feb 2007, John Peacock wrote:
> Blair Zajac wrote:
> > With mod_dav_svn, I guess we can get the client version string and use
> > that? Would the easy way be to reject commits at the Apache level and
> > parse the client's name?
> > But what about file:/// or svn:// access?
Was this in response to my recent addition to the func spec?
I tend to agree...
> file:/// access is, pretty much by default, not something that you would want to
> allow any sort of public access. svn:// is only slightly better, from a
> security standpoint. I don't think it is *too* much of a loss if we only
> provided a way to block back-rev'd client access under Apache.
We could do some type of client capabilities detection, and pass that
on to the hook scripts via a new parameter or environment variable.
Client capabilities aren't easily detectable in a mod_dav_svn
Received on Tue Feb 13 02:18:28 2007