Thomas Kindler <thomas.kindler@gmx.de> wrote on 03/10/2005 03:02:37 PM:
> Mark Phippard wrote:
> > Thomas Kindler <thomas.kindler@gmx.de> wrote on 03/09/2005 07:55:08
PM:
>
> > What RA method are you using? Subversion 1.1.0 and 1.0.8 fixed a
security
> > bug in http:// and that fix caused svn log to be really slow. You can
> > greatly improve performance by adding this directive to your Apache
> > <location> directive:
> >
> > SVNPathAuthz off
>
> Uh, ok.. then we can't do anything against it, because we're using
> https, and need authz. We're writing software for the GermanTeam
> (robocup sony 4-legged league), and need to be able to restrict access
> to some branches in the repository because of the competition situation.
FWIW, if you use the above directive you still get 90% of the authz
functionality. The "security hole" is that someone can run svn log on say
the root of the repository (assuming they have read access to it) and see
log entries for areas they do not have access. They still cannot access
any of the content of those areas though, nor could they run svn log
directly against one of those areas.
Mark
_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Thu Mar 10 17:08:11 2005