[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: "SVNAuthorizationShortCircuit or something similar"

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: 2007-04-03 18:12:21 CEST

On 4/3/07, Malcolm Rowe <malcolm-svn-dev@farside.org.uk> wrote:
> On Mon, Apr 02, 2007 at 04:03:37PM -0700, Josh Gilkerson wrote:
> > Are there suggestions for the directive name/syntax? Suggestions:
> > SVNAuthorizationShortCircuit [yes|no]
> > SVNDavAuthzDirect <provider_name>
>
> (Why would we need more than one provider?)

Probably don't.

> I remember that in the past we've discussed extending SVNPathAuthz to
> accept <apache|native|off> (plus 'on' as an alias for 'apache').

I think 'native' doesn't convey the badness that we're doing with this
approach. It sounds all nice and cool to have it be 'native' - I
think having the directive name be 'ShortCircuit' or something conveys
that we're doing something very very naughty. IOW, the admin should
realize that doing this has *major* implications on their authz
scheme. Configs may suddenly break if they switch it on and expose
their repositories in ways they didn't expect (i.e. what could have
been blocked before is no longer blocked!).

> (We even discussed making it mandatory (no default) because of the
> performance impact of the default behaviour. That would ensure that
> people knew what they were getting, and could switch it off if, as is
> most likely, it wasn't needed. That's probably going too far, though).

Yes, IMO, it goes too far as it'd break configs. -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 3 18:12:36 2007

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.