Re: Security

From: Stefan Hett <stefan_at_egosoft.com>
Date: Thu, 2 Jun 2016 12:49:57 +0200

Hi Michael,
>
> Hello Team,
>
> First I want to thank you for all the time and effort you have put
> into the TortoiseSVN online guide. I am new to SVN and this guide has
> been very helpful.
>
> I had a couple of questions about the security features of this software.
>
> Is there a way we can prevent users from doing the following:
>
> -Add, delete or modify anything straight in the repository without
> checking out a working copy?
>
Not directly, as far as I'm aware. I assume that you want to achieve
that the proper log template structure is used. If so, that can be done
by adding a precommit-hook (see SVN book [1]) and reject any commits,
which do not meet the template requirements you set up.

> -Add, delete or modify properties or hook scripts?
>
See pre-revprop hook [2]
To prevent modification of hook scripts, you would set up appropriate
file permissions on the server, or am I getting the question wrong?
>
> Also, some of the properties are only effective if the user is working
> straight in the repository. If a user checks out a working copy and
> modifies it, those properties are not effective at the time of
> committing the changes. For example, when I set the
> tsvn:logtemplatedelete property on a directory, the template only
> shows up in the commit dialog box if a user deletes a file straight
> from the repository. But if the user checks out a working copy,
> deletes a file and then commits the changes, then the delete template
> that I set does not appear in the commit dialog box. Is there a way we
> can set those properties to be triggered even if the change is being
> made in a working copy?
>
> Some of these properties are:
>
> §tsvn:logtemplatedelete
>
> §tsvn:logtemplatemove
>
> §tsvn:logtemplatemkdir
>
> §tsvn:logtemplatebranch
>
> §tsvn:logtemplatepropset
>
These are client side properties only (specific to the TSVN client). You
can't enforce these on the server side. What you could do though is to
ensure that any commit/change log on the server side meets the format
you define here. See pre-commit hooks [1].

[1] http://svnbook.red-bean.com/en/1.8/svn.ref.reposhooks.pre-commit.html
[2]
http://svnbook.red-bean.com/en/1.8/svn.ref.reposhooks.pre-revprop-change.html

-- 
Regards,
Stefan Hett
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3174082
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].

Received on 2016-06-02 12:50:12 CEST

This message: [ Message body ]
Next message: Stefan Hett: "Re: Exporting variants to 3 different servers"
Previous message: Bernhard Kleine: "How to clean everythink?"
In reply to: Bishara, Michael: "Security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]