[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

From: <roderich.schupp_at_gmail.com>
Date: Tue, 23 Oct 2012 05:22:34 -0700 (PDT)

>
> I'm working on the patch to list only readable repositories. There is
>
already TODO comment in the code by cmpilato:
> subversion\mod_dav_svn\repos.c:3461
>

Please keep in mind that the problem is not restricted to parent-path
collections
of repositories: Since SVN 1.7 any user can "list" the root of a
"standalone"
repository even if she has no access grants whatsoever. Of course, the
listing
will be empty in this case (but the head revision is leaked).

Cheers, Roderich
Received on 2012-10-23 14:23:13 CEST

This is an archived mail posted to the Subversion Dev mailing list.