[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion AuthZ Wildcards

From: Stefan Fuhrmann <stefan2_at_apache.org>
Date: Thu, 18 May 2017 15:38:03 +0200

On 27.02.2017 17:05, Julian Foad wrote:
> Doug Robinson wrote:
>> Folks:
>> "Julian said Stefan said this could be useful." :-)
>> I really hope it is. Best wishes and thank you all!
> Thank you very much, Doug!

Same here. Sadly, my talk wasn't admitted at ApacheCON
(it seems very few were outside big data).

Doug, are we allowed to put that presentation into our Wiki?
IMO, it covers the usual dos and donts very well.

Also, is there some experience with strategies / suggestions
like "put generic access first" and "put generic restrictions last"?

> Svn devs: the attachment is a presentation Doug had prepared for
> explaining the Authz wilcard rules as implemented for WANdisco a
> couple of years ago, which they have been using with svn 1.9.x, and
> which is a little different from the 'authzperf' version that we have
> recently merged to trunk for 1.10.
The behavior in /trunk is almost identical to WD-code.
There are two main differences:

* /trunk now uses are specialized parser for authz.
   Some accidental features of the previously used
   config parser are no longer available. In particular,
   sections may no longer be repeated and there is
   no support for value expansion.

* An edge-case or two has been fixed concerning
   recursive access rights. Those are checked by new
   authz tests introduced in r1774890 and r1764337.
   Some of that may already be in the WD code.

> I suggested to Stefan2 that the one thing we're missing is clear
> documentation of the new work, and to Doug that we might benefit from
> using the content of his presentation as a starting point to create
> our own docs for the new work.
Yes, a simple paragraph in the release notes will
not do. Not sure though, when exactly I will find
time and energy to write this.

> Doug is very keen that WD's version and our "official" version of
> wildcard support should align in the long term, and in support of
> this, kindly agreed to contribute this for us to use as we see fit.
Any feedback is greatly appreciated.

-- Stefan^2.
Received on 2017-05-18 15:38:31 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.