Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Wed, 24 Oct 2012 06:09:58 +0200

Daniel Shahaf wrote on Wed, Oct 24, 2012 at 06:07:45 +0200:
> Roderich Schupp wrote on Wed, Oct 24, 2012 at 00:54:07 +0200:
> > On Wed, Oct 24, 2012 at 12:08 AM, Thomas Åkesson <thomas_at_akesson.cc> wrote:
> > > Are you saying that SVN 1.7 always allows browsing the root but it is empty
> > > when the user lacks authz?
> >
> > Yes - for a "standalone" repository (i.e. one specified with SVNPath,
> > _not_ with SVNParentPath)
>
> I can't reproduce this. 'curl -s https://svn.apache.org/repos/private/'
> gives a directory listing that shows one world-readable directory, but
> the same command on a sibling repository (which does not contain any
> world-readable directories whatsoever) gives a 401 Unauthorized error.
> Both <Location>s use SVNPath.
>

Since I didn't pass -u, in both cases I was browsing as an anonymous user.

> That server runs 1.7.0.
Received on 2012-10-24 06:10:48 CEST

This message: [ Message body ]
Next message: Paul Burba: "Re: [RFC] auto-props-sdc Branch : Ready for Review"
Previous message: Daniel Shahaf: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
In reply to: Daniel Shahaf: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
Next in thread: Roderich Schupp: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
Reply: Roderich Schupp: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]