Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Wed, 24 Oct 2012 06:07:45 +0200

Roderich Schupp wrote on Wed, Oct 24, 2012 at 00:54:07 +0200:
> On Wed, Oct 24, 2012 at 12:08 AM, Thomas Åkesson <thomas_at_akesson.cc> wrote:
> > Are you saying that SVN 1.7 always allows browsing the root but it is empty
> > when the user lacks authz?
>
> Yes - for a "standalone" repository (i.e. one specified with SVNPath,
> _not_ with SVNParentPath)

I can't reproduce this. 'curl -s https://svn.apache.org/repos/private/'
gives a directory listing that shows one world-readable directory, but
the same command on a sibling repository (which does not contain any
world-readable directories whatsoever) gives a 401 Unauthorized error.
Both <Location>s use SVNPath.

That server runs 1.7.0.
Received on 2012-10-24 06:08:33 CEST

This message: [ Message body ]
Next message: Daniel Shahaf: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
Previous message: Roderich Schupp: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
In reply to: Roderich Schupp: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
Next in thread: Daniel Shahaf: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
Reply: Daniel Shahaf: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]