Authz on Collection of Repositories (was: Expansion of authz policy name leak)
From: Thomas ┼kesson <thomas_at_akesson.cc>
Date: Thu, 18 Oct 2012 12:06:56 +0200
There was a discussion in April 2010 regarding the "fix" for issue 2753.
Unfortunately the discussion died due to lack of other opinions. I think Mike had some very important input here and I believe that this concluding statement is incorrect:
From: Kamesh Jayachandran <kamesh_at_collab.net>
Status in Subversion 1.6
- I have never seen the leak in 1.6 that Kamesh is referring to.
Status in Subversion 1.7
- The fix for issue 2753 presumably enables SVNListParentPath to work with authz on server root. By completely removing authz on Collection of Repositories (?).
Use cases suffering from regression in 1.7
- The "Collection of Repositories" is leaked to all users, including for instance external consultants with access to a subset of information. There might be separate repositories for unreleased products, where leaking the repo name is undesirable.
There might be workarounds for some of the use cases, but that would involve using groups in Apache config which creates an additional location where authz must be maintained.
During the 2010 discussion Mike suggested something that we (Simonsoft) would be very happy to see implemented:
Given that we now also have AuthzSVNReposRelativeAccessFile, there is no obvious location to define access to "Collection of Repositories". By always allowing access to "Collection of Repositories" but filtering based on whether the user has access to each repository root, there is no need to explicitly set access to "Collection of Repositories". One less piece of information to maintain.
Hope this summary can spark some fresh discussion!
This is an archived mail posted to the Subversion Dev mailing list.