On Fri, Sep 27, 2013 at 12:40 AM, Ben Reser <ben_at_reser.org> wrote:
> On 9/26/13 12:45 PM, Mark Moe wrote:
>> We found that about half the performance issue was solved by using
>> "SVNPathAuthz off" while the other half was solved by skipping that
>> big revision when doing svn log -v. Just the sheer transfer of all
>> those lines of text was a big hit even with SVNPathAuthz off.
>
> First of all I would like to note that I wouldn't recommend anyone having
> performance problems with log and commits that changed a lot of paths
> implementing SVNPathAuthz off without putting some serious thought into this.
Except if you don't need path-base authorization of course :-). As
"the book" says [1]: "Do you really need path-based access control?"
If you have large logical groups of people, and within those groups
everyone more or less trusts each other, there is really no need to
employ path-base authz. You can separate the large groups by using
different repositories.
In our company we have around 100 developers. Though they are divided
in different teams working on different parts, we don't see the need
to authz-enforce the separation between teams. We just have one single
repository for the entire development group, and rely on social
convention for teams not stepping on each other's toes (without at
least having a chat about it).
We have a couple of security sensitive components, and those are put
in a separate repository (restricted to a smaller group of people). A
couple of other (non-IT) divisions within the company also have their
own repository.
So far we haven't had the need to enable path-based authz, and just
rely on 'Require ldap-group XXX' for full-access to the entire
repository. Should the need arise, we can always add another
<Location> to our httpd.conf, serving the same repository with
path-based authz, via another url. The "full-access group" can then
still use the non-path-based-authz'ed path to the repository, while a
larger audience might be able to access the same repository restricted
by path-based authz.
[1] http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html
--
Johan
Received on 2013-09-27 10:08:21 CEST