[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: authz problem: mixing anon access + protected directory.

From: Omry Yadan <omry_at_yadan.net>
Date: Sat, 19 Jul 2008 12:22:43 +0300

you can't be certain that a fix similar to what I proposed will involve
only webdav changes.

is there's a bug for this in the BTS?

I think it's something that at least worth having a good look at - even
if it means looking at the webdav apache module.

C. Michael Pilato wrote:

> I think it's safe to say that the solution -- if one is to be found --
> either lies in Apache (not in Subversion), or requires a
> rearchitecting of Subversion significant enough as to be one of those
> vast-cast-for-little-gain things.
>
> My recommendation for those admins able to do such a thing is that
> they allow anonymous, read-only access to repositories over http://,
> and require authentication for all access to repositories via
> https://. Google Code uses this principle, and I think it was a wise
> decision on their part to do so.
>
>
> Omry Yadan wrote:
>> is it safe to assume no one cares about this bug?
>>
>>
>> Omry Yadan wrote:
>>
>>> C. Michael Pilato wrote:
>>>
>>>> Omry Yadan wrote:
>>>>> are there any plans to fix this problem?
>>>>> looks like it's a real time waster for many people, as the book
>>>>> does not even hint such a common (required) setup is impossible
>>>>> without special tricks.
>>>>
>>>> I doubt it. I'm not sure that its within Subversion's reach to
>>>> fix. It's rather a quirk of Apache's authn/authz model. (But
>>>> you're right -- the book probably should address this common
>>>> question.)
>>>>
>>> What if the client sends the authentication credentials anyway (if
>>> they are available or if the user specifies them in the command
>>> line), and webdav is tweaked to authenticate the client in such case
>>> even if resource does not required authentication?
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
>>> For additional commands, e-mail: dev-help_at_subversion.tigris.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
>> For additional commands, e-mail: dev-help_at_subversion.tigris.org
>>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-07-19 11:23:02 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.