Karl Fogel wrote:
> "C. Michael Pilato" <cmpilato_at_collab.net> writes:
>>> Why should access restrictions prevent someone from merely anchoring an
>>> RA session at a particular URL, and then running log requests based from
>>> that anchor? The access controls should, of course, limit what
>>> responses come back from the request, but I don't see why they should
>>> prevent what Martin assumes "might not be permissible".
>> Consider a situation in which mod_dav_svn (not mod_authz_svn) is
>> configured to disallow any read access to paths outside of /trunk.
>> Before Subversion even gets the chance to field a log REPORT request
>> aimed at the root of the repository, mod_dav_svn prevents the request
>> from succeeding.
>
> That's what I'm questioning. Why does mod_dav_svn behave like this?
> Because it's easier to implement?
Does it have a choice?
I think we're thinking of different deployment scenarios. I'm talking about
something like:
<Location /repo>
DAV svn
SVNPath /var/svn/repo
### bits that disallow access here
</Location>
<Location /repo/trunk
### bits that allow access to trunk here
</Location>
IIUC, a request to /repo (or to /repo/something-not-trunk) wouldn't even get
to mod_dav_svn for processing because it fails the higher-level Apache authz
requirements.
I'm not saying its a sane configuration, of course. But prior to
mod_authz_svn being created, it was through Apache configury like this that
we instructed folks to do their access control.
--
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Received on 2008-06-03 21:16:39 CEST