Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

From: <roderich.schupp_at_gmail.com>
Date: Tue, 23 Oct 2012 05:22:34 -0700 (PDT)

>
> I'm working on the patch to list only readable repositories. There is
>
already TODO comment in the code by cmpilato:
> subversion\mod_dav_svn\repos.c:3461
>

Please keep in mind that the problem is not restricted to parent-path
collections
of repositories: Since SVN 1.7 any user can "list" the root of a
"standalone"
repository even if she has no access grants whatsoever. Of course, the
listing
will be empty in this case (but the head revision is leaked).

Cheers, Roderich
Received on 2012-10-23 14:23:13 CEST

This message: [ Message body ]
Next message: C. Michael Pilato: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
Previous message: Ivan Zhakov: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
In reply to: Ivan Zhakov: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
Next in thread: Thomas Åkesson: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
Reply: Thomas Åkesson: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]