Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)
Roderich Schupp wrote on Wed, Oct 24, 2012 at 00:54:07 +0200:
> On Wed, Oct 24, 2012 at 12:08 AM, Thomas Åkesson <thomas_at_akesson.cc> wrote:
> > Are you saying that SVN 1.7 always allows browsing the root but it is empty
> > when the user lacks authz?
> Yes - for a "standalone" repository (i.e. one specified with SVNPath,
> _not_ with SVNParentPath)
I can't reproduce this. 'curl -s https://svn.apache.org/repos/private/'
gives a directory listing that shows one world-readable directory, but
the same command on a sibling repository (which does not contain any
world-readable directories whatsoever) gives a 401 Unauthorized error.
Both <Location>s use SVNPath.
That server runs 1.7.0.
Received on 2012-10-24 06:08:33 CEST
This is an archived mail posted to the Subversion Dev