Re: Somewhat corrupted repository: Berkeley DB Permissions errors on SVN 1.0.2

andy.glew@amd.com wrote:
>>The only "clean solution" is to allow a *single* process to own and
>>access the database.
>
>
> Woah! That's the IBM mainframe OS/Digital VMS/WinNT way...
> and occasionally the database oriented way.

Subversion _is_ a database at its heart; worse yet, the only [current]
implementation is a specific type of shared memory database that has very
particular demans. Works great as long as you play by its rules. And the
easiest/safest way to play by those rules is to treat it exactly like any other
database (Oracle, MySQL, PostgreSQL, etc) and have a single user process
touching the database files. You can, with some coddling, share access to BDB
files (unlike those other databases I just mentioned), but it's not easy.

> Apache and other web servers have, of necessity, been forced
> to adopt the "the application or database does its own
> access control independent of the OS" approach, because
> the web has no authentication standards worth pissing on.

That's a little harsh (and arguably wrong). SPKI, though currently [somewhat]
hard to implement, is at least as secure as anything else out there. I
currently have an app which uses client certificates to both authenticate and
authorize specific access to hundreds of our clients, all through the use of a
web browser.

If you run Subversion from within Apache, you can use a multitude of
authentication methods out of the box, including mod_authz_svn for your
Subversion repositories.

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4720 Boston Way
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org