[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: enhanced tsvn: protocol

From: Hans-Emil Skogh <Hans-Emil.Skogh_at_tritech.se>
Date: Wed, 10 Jun 2009 09:19:35 +0200

>>> Now I saw this checkout link feature and thought about an enhanced
>>> version:
>>> Add an extra command "link" to TortoiseProc.exe, which takes an "/url"
>>> as an option.
>> I think it's a great idea!
>> Mostly I miss being able to access the log dialog and ideally to be able
>> to show the diff of two files.
> And here's exactly the problem: where would this end?

 

It is a good question. And exactly because of that I think that the proposal was kind of nice: It is limited in scope by (more or less) saying that web-links should be able to open the dialogs in TSVN that you can open from the command line. Not an unreasonable scope bloat if you ask me.

 

> I'm not comfortable at all exposing TSVN to the web like this.
 
So what would you say are the risks? I would say that the biggest risk would be the possibility to find and exploit any weaknesses in how TSVN parses the URL (or their arguments) to create a security hole. But since we already have a web integration that risk is already present.
I definately understand you concerns. But I think that the gains probably would outweight the risks here. We would not create a whole new vector of attack here, only modify (and, admittedly, expand) one that is already present.
But maybe I'm missing something crucial here...

> If you really want such features, it would be much better if you set up
> something on the server. For example, you could install Trac which
> appears to be a popular choice for this.

Yes. A server side solution is absolutely an option. But it is much more work to set up, and in some situations it might not even be possible. To enable this kind of fast and easy integration between a web-application and TSVN would make it possible to use really light weight integration in almost any tool by simply providing custom urls.
 
(And btw: I have used Trac and I must confess I'm no big fan of it... None of the web interfaces I have tried have come close to the power and user friendlieness that TSVN can provide to a developer.)
 
Hans-Emil

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=2360814

To unsubscribe from this discussion, e-mail: [dev-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2009-06-10 09:20:08 CEST

This is an archived mail posted to the TortoiseSVN Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.