Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)
From: Thomas ┼kesson <thomas_at_akesson.cc>
Date: Mon, 22 Oct 2012 17:20:44 +0200
To clarify what this issue is about:
This is a quite unexpected change when upgrading an existing server to version 1.7, which is not mentioned in changes. It will suddenly provide unauthenticated access to the repository list (when Satisfy Any) or provide access to users that were not intended to have access (Satisfy All).
On 19 okt 2012, at 02:07, Daniel Shahaf wrote:
> I agree it is reasonable to want the SVNParentPath URL to display only
Hmm, I failed to get any hit on that blog post (tried both Google and DuckDuckGo).
Right, previously it was possible to request authentication when accessing the repository list via the access file, e.g.:
The requirement to hide/filter the repository list will be most prevalent with server configurations that always requires authentication, typically corporate subversion servers or in the hosting use case. Anonymous access on the other hand is more prevalent in the open-source use case where the feature to hide repositories is likely very rare.
The Apache directive Satisfy Any is required in order to combine access control and anonymous access (* = r). When removing Satisfy Any (i.e. Satisfy All) Apache ensures that clients are required to authenticate in order to view the repository list. This would ensure that the repository list can be correctly filtered by mod_authz_svn.
In summary, it would not be possible to have both anonymous access and a filtered repository list on the same Apache location, but that is a relatively rare requirement and not a regression. (well, perhaps it is possible with some creative Apache config).
No, it should not be listed. In this case, the user cannot browse from repository list down to the location were access is granted anyway (since he has not access to ^/bar/).
> And if it's listed, what should happen when the link is followed?
The repository is listed in both Svn 1.7, 1.6 and earlier. Access is denied if followed. The difference is that with filtering, the link will not even be displayed. An improvement if you ask me and more consistent with how access control in the repository works.
> These are my thoughts at a high level --- i.e., user-facing level, not
I am fairly familiar with Apache config and the typical requirements of corporate installations, but not with the code. By looking at svn log C-Mike, Philip and Kamesh might be best suited to comment on the code.
This is an archived mail posted to the Subversion Dev mailing list.