[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVNPathAuthz and 1.1.1

From: Mark Phippard <MarkP_at_softlanding.com>
Date: 2004-11-05 21:50:50 CET

Ben Collins-Sussman <sussman@collab.net> wrote on 11/05/2004 03:48:27 PM:
> On Nov 5, 2004, at 2:06 PM, Mark Phippard wrote:
> >>
> >> 'SVNPathAuthz off' will completely disable all path-based authz
> >> checking. It prevents apache from doing GET subrequests to check the
> >> readability of specific repository paths.
> >
> > Thanks. What I do not get is why this is needed. Don't you have to
> > explicitly turn authz on anyway? What is the point of turning it on
> > and
> > off?
> mod_dav_svn has no idea if any authorization modules are loaded or not.
> So it's *always* doing GET subrequests on changed-paths, to verify
> whether a revision is wholly readable or not. Even if you have no
> authorization module loaded at all, the subrequests are still
> happening. Maybe they invoke an authorization module, maybe not.
> The effect of the security fixes is: mod_dav_svn does a lot more GET
> subrequests than it used to, especially on 'svn log' operations. It's
> a matter of authz correctness.
> So, even if you have no authorization module loaded at all, 'svn log'
> is now slower with the security fixes.
> The effect of "SVNPathAuthz off" is to disable GET subrequests
> completely, thus regaining speed, but abandoning all hope of authz.

But wouldn't that mean that operations like svn co and svn ci would still
trigger the authz?


Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Nov 5 21:51:13 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.