Re: "SVNAuthorizationShortCircuit or something similar"

From: Eric Gillespie <epg_at_pretzelnet.org>
Date: 2007-05-09 20:28:05 CEST

"David James" <james@cs.toronto.edu> writes:

> On 4/16/07, Josh Gilkerson <jwg@google.com> wrote:
> > Latest patch. I am fairly certain that this is functioning properly.
> >
> > For configuration, I have overloaded the SVNPathAuthz. The values on
> > and off and the default value (on) have retained their meaning, so
> > configurations shouldn't be broken (Are there other values Apache will
> > parse as on or off for a boolean option?). There is then another value,
> > currently 'dangerous_direct', that indicates that mod_dav_svn should
> > authorize directly to mod_authz_svn.
>
> How about "short_circuit"? I think that this is a good name.

I like that, too. Josh, can you make that change? Or I could
make it and then commit.

> Please don't include the word "dangerous" in the option name as I find
> the use of that word here to be confusing.
>
> I haven't tested your patch yet, but, in general, your patch looks
> very good. This new approach is much better than the approach that
> Artem took on the artem-soc-work branch, because it requires so many
> fewer changes.
>
> I see a few spots where the formatting could be improved, but this is
> minor and can be fixed at commit time if everyone is otherwise happy
> with the patch.

I think we've waited long enough for people to object :). I'm
going to commit this change today or tomorrow. I'll fix what
formatting issues I find, but I'm not the biggest expert on
Subversion style either ;->.

> On 4/16/07, Justin Erenkrantz <justin@erenkrantz.com> wrote:
> > > You also pointed out that "mod_authz_svn doesn't handle host-based
> > > authorization at all." Are you implying that the new short circuit
> > > authz option might break Apache's host-based authorization? If so,
> > > how?
> >
> > Yes. Because you're only going to be using mod_authz_svn instead of
> > permitting httpd to run through its normal authorization mechanisms -
> > which include *all* authorization modules.
>
> Isn't this fearmongering? Apache still runs through all of its normal
> authorization mechanisms for the initial request -- the only
> difference with "short circuit" authorization is that we don't
> fabricate artificial subrequests to account for all of the internal
> subversion repository paths which are referenced in a given report.
>
> I do get your point, though, and I agree that "short circuit" is a
> better name than "native", so I won't argue this point further.
>
> Cheers,
> David
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org

Eric Gillespie <*> epg@pretzelnet.org
Received on Wed May 9 20:29:14 2007

This is an archived mail posted to the Subversion Dev mailing list.
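
The option values discussed in this thread, shown in an httpd configuration as an added example that is not part of the original mail or of the patch. It uses the `short_circuit` name proposed above and Apache 2.2-style host directives; the paths, realm and file names are constructed placeholders.

```apache
# Constructed example: repository path, realm and file names are placeholders.
<Location /svn/repo>
    DAV svn
    SVNPath /var/svn/repo

    AuthType Basic
    AuthName "Subversion"
    AuthUserFile /etc/apache2/svn.htpasswd
    Require valid-user

    # Path-based rules consulted by mod_authz_svn.
    AuthzSVNAccessFile /etc/apache2/svn-authz.conf

    # on (default):  every repository path referenced in a report is checked
    #                through an internal subrequest, so all httpd
    #                authorization modules see it.
    # off:           no per-path checks are made for those paths.
    # short_circuit: mod_dav_svn asks mod_authz_svn directly and skips the
    #                subrequests; only svn-authz.conf decides those paths.
    SVNPathAuthz short_circuit
</Location>

# Host-based rule on a subtree (the case raised in the quoted exchange).
# A request made directly to this URL still passes through this rule, because
# the initial request runs the normal authorization mechanisms. Paths under
# it that are only referenced inside a report on a parent URL are, with
# short_circuit, checked against svn-authz.conf alone.
<Location /svn/repo/trunk/secret>
    Order deny,allow
    Deny from all
    Allow from 10.0.0.0/8
</Location>
```

Where a host-based rule like the second block has to hold for every path referenced in a report, keep `SVNPathAuthz on`, since, as quoted above, mod_authz_svn does not handle host-based authorization.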