[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: RFC: Subversion security model in need of update

From: David Glasser <glasser_at_davidglasser.net>
Date: Thu, 12 Mar 2009 13:58:15 -0700

I think you have my concern backwards. It's clear that the current
explicit-path-list authz implementations can be adapted to Mike's proposed
model. My concern is that the model limits authz implementations to only be
those essentially the same as the current one, where all interesting paths
are explicitly listed.

--dave

On Mar 12, 2009 1:35 PM, "Jeremy Whitlock" <jcscoobyrs_at_gmail.com> wrote:

> I generally think this is a solid analysis. I'm a little concerned about
the > implications of imp...
We achieved this at CollabNet using the same approach as Subversion.
(none, read, read/write at a path) If we do this right, there should
be no reason to muck with the syntax of the authz file. We just need
to provide better apis to answer the more advanced questions. I
mentioned earlier in this thread that during this proof of concept
that Mike talked about, we did this very simply. Knowing only n/r/rw
for a path, you can turn your single answer question of "Can I access
this path" to "Can I access this path, can I access this path and
everything below it and Can I access this path and/or anything below
it". Answering those three questions gives you everything you need to
improve our authorization framework as we are currently suggesting.

On a related note, using the same three question system, we were able
to greatly improve our performance for Subversion authorization.
Instead of having to authorize every single path, sometimes you can
circumvent the need to authorize a path based on the answer of
previous authorization questions. (For example, if you know that you
can do the requested action on the path and everything below it, you
can short circuit the need to ask further questions for where the path
is a child.) To give you an example, we went from making 7902
authorization calls in one of our tests to 33 using some advanced
handling of the answers to the 3 questions. That is quite an
improvement.

Long story short, there is no need to make changes to the existing
authz configuration to get what we need and in making such changes to
Subversion's authz, we also stand a good chance of being able to take
advantage of these changes to improve performance.

-- Take care, Jeremy Whitlock http://www.thoughtspark.org

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1314344
Received on 2009-03-12 21:58:53 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.