On 16 jan 2013, at 20:44, C. Michael Pilato wrote:
> On 01/16/2013 02:27 PM, Thomas Åkesson wrote:
>> On 16 jan 2013, at 20:15, C. Michael Pilato wrote:
>>> On 01/16/2013 01:54 PM, Thomas Åkesson wrote:
>>>> Hi Ivan,
>>>> I committed to drafting some change notes for this change quite some time
>>>> - Below is a draft of a section to include in Release Notes. I suggest
>>>>   just after "In repository authz".
>>>> - Patch contains line for CHANGES
>>>> - Patch contains clarification and new example for mod_authz_svn INSTALL
>>>> Hope I got the patch right.
>>> Thanks, Thomas. I like the release notes, and will incorporate them in just
>>> a few minutes.
> Actually, I have a quick question for you. Your release notes say:
> The access to "Collection of Repositories" is not restricted by
> mod_authz_svn. In order to require authentication on this location, the
> location should have "Satisfy All" (default). See examples in INSTALL for
> mod_authz_svn for additional details.
Hmm, yes... complicated.
> I *think* I understood what you meant in calling out that this is "not
> restricted by mod_authz_svn",
Since Subversion 1.7, mod_authz_svn always returns OK for CoR, regardless of what's in the authz file. Before 1.6 it was possible to control access to CoR with the [/] section.
So, if the CoR should not be anonymously accessible, we must do Satisfy All + Require valid-user.
> and wordsmithed that section to read like this
> NOTE: Access to "Collection of Repositories" is not restricted by
> mod_authz_svn, but is instead managed by mod_dav_svn itself. In order to
> require authentication on this location, the location should have "Satisfy
> All" (which is the default value of this directive). See examples in
> mod_authz_svn's INSTALL document for additional details.
> Is this still accurate?
I think you have improved this complicated piece.
> but is instead managed by mod_dav_svn itself
Is it technically managed by mod_dav_svn? Or is it... Apache core? Probably doesn't matter.
Btw, I tried to convey the difficulty of combining Anonymous and authenticated access (you wrote about that long ago) in the Note under Example 2. Hope you find that description accurate.
Received on 2013-01-16 21:08:28 CET
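
The configuration point discussed in this thread, as an added example that is not part of the original message or of the Subversion project's INSTALL document: the same location with the setting that leaves the Collection of Repositories anonymously readable, beside the one that requires authentication. It uses Apache 2.2-style directives; the URL prefix, file paths and realm name are assumptions.

```apache
# Added example. /svn, /var/svn/repos, the authz file, the htpasswd file
# and the realm name are assumed values, not taken from the thread.
# The two <Location> blocks are alternatives: use one, not both.

# Weak: "Satisfy Any" lets a request through when EITHER the access check
# or authentication succeeds. Per the thread, mod_authz_svn returns OK for
# the Collection of Repositories since 1.7, so the listing at /svn/ is
# served to anonymous clients and "Require valid-user" is never enforced.
<Location /svn>
  DAV svn
  SVNParentPath /var/svn/repos
  SVNListParentPath On
  AuthzSVNAccessFile /etc/apache2/svn-authz.conf

  Satisfy Any
  Require valid-user

  AuthType Basic
  AuthName "Subversion"
  AuthUserFile /etc/apache2/svn.htpasswd
</Location>

# Corrected: "Satisfy All" (the default when the directive is omitted)
# requires BOTH the access check and a valid login, so the Collection of
# Repositories is only listed for authenticated users.
<Location /svn>
  DAV svn
  SVNParentPath /var/svn/repos
  SVNListParentPath On
  AuthzSVNAccessFile /etc/apache2/svn-authz.conf

  Satisfy All
  Require valid-user

  AuthType Basic
  AuthName "Subversion"
  AuthUserFile /etc/apache2/svn.htpasswd
</Location>
```

A quick check after deployment is an unauthenticated request to the parent URL: it should return 401 with the corrected block.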