[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Wed, 24 Oct 2012 06:09:58 +0200

Daniel Shahaf wrote on Wed, Oct 24, 2012 at 06:07:45 +0200:
> Roderich Schupp wrote on Wed, Oct 24, 2012 at 00:54:07 +0200:
> > On Wed, Oct 24, 2012 at 12:08 AM, Thomas Åkesson <thomas_at_akesson.cc> wrote:
> > > Are you saying that SVN 1.7 always allows browsing the root but it is empty
> > > when the user lacks authz?
> >
> > Yes - for a "standalone" repository (i.e. one specified with SVNPath,
> > _not_ with SVNParentPath)
>
> I can't reproduce this. 'curl -s https://svn.apache.org/repos/private/'
> gives a directory listing that shows one world-readable directory, but
> the same command on a sibling repository (which does not contain any
> world-readable directories whatsoever) gives a 401 Unauthorized error.
> Both <Location>s use SVNPath.
>

Since I didn't pass -u, in both cases I was browsing as an anonymous user.

> That server runs 1.7.0.
Received on 2012-10-24 06:10:48 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.