On 03/01/2011 01:56 PM, C. Michael Pilato wrote:
> On 03/01/2011 01:12 PM, Philip Martin wrote:
>> "C. Michael Pilato" <cmpilato_at_collab.net> writes:
>>
>>> Just a thought: Have you considered expanding the scope of the private
>>> resource space rather than using the magic prefix hack? You could add
>>> ".../!svn/vtxn/UUID" and ".../!svn/vtxr/UUID/..." to be alternate ways to
>>> address transactions and transaction roots (the "v" there being a shortcut
>>> for "virtual"). This is *effectively* the same approach as yours -- there's
>>> a different prefix here. But the prefix is a clearly defined piece of the
>>> protocol, not just some magic bit buried in mod_dav_svn's codebase.
>>
>> I'll have a think about that. One aim is that the proxy can be as dumb
>> as possible about the Subversion protocol, so that it doesn't have to
>> rewrite all commit requests. If the client doesn't send the vtxn/vtxr
>> URLs the proxy has to do more work.
>>
>> Another thing about exposing the transaction name in the protocol is
>> that it is much more predictable than a UUID. Temporary files with
>> predictable names can be a security issue, are predictable transaction
>> names a security issue?
>
> I want to say that we've had this discussion on-list before, but I might be
> remembering something else. I'll see if I can find any prior chatter about
> this.
Found it:
http://svn.haxx.se/dev/archive-2009-02/0097.shtml
--
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Received on 2011-03-01 19:58:56 CET