[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Restrict allowed subversion client for repository access

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Tue, 18 Aug 2009 18:53:18 +0200

On 18.08.2009 12:28, Andy Levy wrote:
> On Tue, Aug 18, 2009 at 02:16, Ryan J Ollos<ryano_at_physiosonics.com> wrote:
>> Hello,
>>
>> I was wondering if there was a way to restrict the Subversion client that is allowed to access my repository. Furthermore, I might like to restrict the version of the Subversion client that is allowed to access the repository.
>>
>> Specifically, I would like to restrict repository access to the TortoiseSVN client and possibly some web based clients such as WebSVN.
>>
>> My reason for wanting to enforce a policy such as this is to:
>> * Ensure that tsvn properties are effective
>> * Ensure timely upgrades by users in my group since I don't otherwise control their computers or have another way to enforce upgrades (and would like to save the time of confirming that each user has upgraded)
>> * Enforce a consistent policy in a medical software development environment, where we are required to have standardized tools and processes.
>
> These last 2 should be controlled via your desktop management software
> (ZENWorks, AD Group Policies, etc.). If it's truly that important, you
> shouldn't be depending upon the user installing things for themselves
> - you *have* to control it at some central location.

You can block svn clients according to their capabilities (e.g., you can
block clients which don't know about merge tracking yet):
http://svnbook.red-bean.com/nightly/en/svn.branchmerge.advanced.html#svn.branchmerge.advanced.pre1.5clients

Apart from that, all svn clients also send a user-agent string (if
you're using apache for the server). You could configure apache to
reject all clients which don't have the 'allowed' user-agent string.

the user-agent string has the form
SVN/.../TortoiseSVN-XX.XX.XX.XX
for TSVN. Other clients *can* add their own part to the user-agent
string, but not all of them do (i.e., they will only have the first part).

Stefan 

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2384851
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2009-08-18 18:53:47 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.