[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Wed, 24 Oct 2012 06:07:45 +0200

Roderich Schupp wrote on Wed, Oct 24, 2012 at 00:54:07 +0200:
> On Wed, Oct 24, 2012 at 12:08 AM, Thomas Åkesson <thomas_at_akesson.cc> wrote:
> > Are you saying that SVN 1.7 always allows browsing the root but it is empty
> > when the user lacks authz?
>
> Yes - for a "standalone" repository (i.e. one specified with SVNPath,
> _not_ with SVNParentPath)

I can't reproduce this. 'curl -s https://svn.apache.org/repos/private/'
gives a directory listing that shows one world-readable directory, but
the same command on a sibling repository (which does not contain any
world-readable directories whatsoever) gives a 401 Unauthorized error.
Both <Location>s use SVNPath.

That server runs 1.7.0.
Received on 2012-10-24 06:08:33 CEST

This is an archived mail posted to the Subversion Dev mailing list.