[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature request: Hide restricted directories when using path-based authorization

From: C. Michael Pilato <cmpilato_at_collab.net>
Date: Wed, 07 Oct 2009 09:19:38 -0400

Shaun Pinney wrote:
> Hello SVN devs!
>
> When using path-based authorization to restrict users access to certain
> directories, we'd like to completely hide top-level folders and their
> contents. However, clearing a user's read permission for a folder only
> hides the folder's contents - the top-level folder itself is still viewable
> even when read access has not been granted.

It's not so much the case that folder permissions only apply to their
contents by design. It's just that certain Subversion subcommands leak the
names of unreadable objects. Read the section "KNOWN LEAKAGE OF UNREADABLE
PATHS" in http://svn.collab.net/repos/svn/trunk/notes/authz_policy.txt for
more details.

-- 
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2404513

Received on 2009-10-07 15:20:00 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.