Re: SVNPathAuthz and 1.1.1

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2004-11-05 20:55:57 CET

On Nov 5, 2004, at 8:12 AM, Mark Phippard wrote:

> I have seen it mentioned that you can add this setting to your Apache
> config to restore the performance of svn log:
>
> SVNPathAuthz Off
>
> There is no mention of this in the book anywhere. What exactly does it
> do?

Sorry, I haven't documented it yet. It's broken in 1.1.0, fixed in
1.1.1

'SVNPathAuthz off' will completely disable all path-based authz
checking. It prevents apache from doing GET subrequests to check the
readability of specific repository paths.

>
> I want the protection that authz provides for preventing writes to
> certain
> folders. But I do not really care if someone can do an svn log or ls
> of
> those folders. Is there some setting, possibly this one, that would
> allow
> authz to still do the write protections but not do the new checking
> that
> it does which hurts performance of svn log?
>

There's no setting that does the "old" style of path-based authz, since
it's inherently leaky.

If you just want to limit *write* access to paths, and still be
super-quick, then perhaps you should abandon mod_authz_svn altogether
and use a pre-commit hook script like svnperms.py.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Nov 5 20:57:29 2004

This message: [ Message body ]
Next message: Ben Collins-Sussman: "Re: Operational restrictions in svn?"
Previous message: Ben Collins-Sussman: "Re: merge of new files and eol-style"
In reply to: Mark Phippard: "SVNPathAuthz and 1.1.1"
Next in thread: Mark Phippard: "Re: SVNPathAuthz and 1.1.1"
Reply: Mark Phippard: "Re: SVNPathAuthz and 1.1.1"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]