Cool idea!
On 4/12/07, Malcolm Rowe <malcolm-svn-dev@farside.org.uk> wrote:
> On Thu, Apr 12, 2007 at 09:52:35AM -0700, Eric Gillespie wrote:
> > "Ben Collins-Sussman" <sussman@red-bean.com> writes:
> >
> > > Your latest patch looks reasonable to me.
> > >
> > > Also, the client *does* choose the activity name. It does a PROPFIND
> > > asking the server where activities should be stored, and gets back an
> > > opaque URI. The client then sends a request: "MKACTIVITY
> > > URI/someactivityname". It could be anything.
> > >
> > > libsvn_ra_dav is set up to use an apr_uuid as an activity name, but a
> > > malicious client could send "../../blah" or an activity named AUX or
> > > COM or something. We need to put in some server-side checking.
> >
> > Great, thanks. I'll be asking for review again after I add the
> > checks. Probably not today, though.
> >
>
> Here's an idea: rather than do complex auditing to make sure the path is
> safe, or blacklisting or whatever, why not just use MD5(activity id) as
> the filename and rely on hash collisions being extremely unlikely?
>
> Regards,
> Malcolm
>
>
Received on Thu Apr 12 21:44:14 2007
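
The filename mapping suggested in the quoted message, as an added Python sketch (not Subversion's code and not part of the thread). It compares using the client-chosen activity name directly with using MD5(activity id) as the filename; `ACTIVITY_DIR`, the function names and the sample UUID are assumptions made for illustration.

```python
import hashlib
import posixpath
import re

# Hypothetical on-disk location for activity files (not from the thread).
ACTIVITY_DIR = "/srv/repo/dav/activities.d"

# Constructed sample names: a UUID-style name plus the hostile names
# mentioned in the thread.
SAMPLES = [
    "3f2b8c1e-5d4a-4e6f-9a7b-0c1d2e3f4a5b",
    "../../blah",
    "AUX",
    "COM",
]

def naive_activity_path(activity_id):
    """Use the client-chosen name directly as the filename."""
    return posixpath.normpath(posixpath.join(ACTIVITY_DIR, activity_id))

def hashed_activity_path(activity_id):
    """Use MD5(activity id), hex-encoded, as the filename."""
    digest = hashlib.md5(activity_id.encode("utf-8")).hexdigest()
    return posixpath.join(ACTIVITY_DIR, digest)

def stays_inside(path):
    """True if path resolves to a location under ACTIVITY_DIR."""
    return posixpath.commonpath([ACTIVITY_DIR, posixpath.normpath(path)]) == ACTIVITY_DIR

def is_hex_name(path):
    """True if the final component is exactly 32 lowercase hex characters."""
    return re.fullmatch(r"[0-9a-f]{32}", posixpath.basename(path)) is not None

def report():
    """One row per sample: (name, naive inside?, hashed inside?, hashed is hex?)."""
    rows = []
    for name in SAMPLES:
        naive, hashed = naive_activity_path(name), hashed_activity_path(name)
        rows.append((name, stays_inside(naive), stays_inside(hashed), is_hex_name(hashed)))
    return rows

if __name__ == "__main__":
    for name, naive_ok, hashed_ok, hex_ok in report():
        print(f"{name!r:42} naive inside={naive_ok!s:5} hashed inside={hashed_ok} hex name={hex_ok}")
```

Because every hashed name is 32 characters from `[0-9a-f]`, it cannot contain a path separator, `..`, or a reserved device name such as `AUX`. MD5 collisions can be constructed deliberately, so where two distinct activity ids sharing one file would matter, the same mapping works with `hashlib.sha256`.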