[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Case sensitivity in authz files

From: Branko Čibej <brane_at_wandisco.com>
Date: Thu, 25 Apr 2013 15:13:13 +0200

On 25.04.2013 15:07, Mark Phippard wrote:
> On Thu, Apr 25, 2013 at 9:04 AM, Mark Phippard <markphip_at_gmail.com> wrote:
>> On Thu, Apr 25, 2013 at 8:37 AM, Philip Martin
>> <philip.martin_at_wandisco.com> wrote:
>>> Julian Foad <julianfoad_at_btopenworld.com> writes:
>>>
>>>> I am only questioning the assignment of a 1.8.0 "release blocker"
>>>> milestone.
>>> That was simply because Branko suggested he was targeting 1.8.0. We
>>> have to decide now because I don't think we would put this into a minor
>>> release (the last case-sensitivity change went into 1.7.0).
>> First off, to be clear, I think we should have ALWAYS been
>> case-insensitive when comparing usernames. What I do not get is why
>> we would be considering doing this NOW.
>>
>> Going all the way back to 1.0, our largest user base by far - Windows
>> users, have complained about this. Active Directory allows me to
>> login as "Mark", "mark" or "MaRk". Obviously the last example is
>> extreme, but the upper case first letter happens pretty commonly. For
>> years, we just told these users to not do that and essentially
>> piss-off. It wasn't until something like 1.5 or 1.6 that we finally
>> added a directive that causes mod_dav_svn to normalize the username to
>> all upper or lower case so that you could write rules in one format.
>> I do not think we ever even documented this in release notes so I
>> cannot find when we added it.
>>
>> Now we have some totally contrived scenario that the person writing
>> the rules essentially controls and we are wringing our hands about it?
>> Why wouldn't we give anyone bothered by this the same answer we gave
>> to Windows users for all those years?
>>
>> It seems to me that we should fix our data structure so that we are
>> storing both keys when they differ only by case, or we should do
>> nothing.
> If the proposal is to make the file case-sensitive how is that even a
> behavior change? That sounds like a bug fix. The usernames have
> always been case sensitive.

mArk, if you'd taken the time to read the thread, you would not write
such nonsense. Go look up Philip's examples of how things are broken now.

Windows users who set up Apache to normalize the user names passed into
svn_repos will not notice the change, assuming they're consistent in
their authz files. Everyone else who /does/ expect user names to be
case-sensitive will at least get consistent results regardless of
ordering in the authz file.

-- Brane

-- 
Branko Čibej
Director of Subversion | WANdisco | www.wandisco.com
Received on 2013-04-25 15:13:49 CEST

This is an archived mail posted to the Subversion Dev mailing list.