On Nov 5, 2004, at 7:56 PM, Mark Phippard wrote:
>>> In fact, I kind of regard it as a misfeature
>>> that one of my users might not be able to see the full history of a
>>> file
>>> because it happens to share a revision with another file they don't
>>> have
>>> access to.
>>
>> think you guys are misunderstanding the security feature here.
>
> I get it, and it makes sense to be the default. As I said in my
> previous
> message, adding the directive fixes it for me. svn log is not
> protected at
> all, but the svn co and svn ci seem to be, which is all I care about.
>
Yeah, that behavior makes sense, I guess. "SVNPathAuthz off" disables
mod_dav_svn's ability to perform internal readability checks on any
actions that involve iterating over lots of paths (checkout, log, etc).
But the initial incoming REPORT request (for checkouts/updates) and
incoming PUT and MERGE requests (for commits) are still directly
intercepted and authorized by mod_authz_svn at the front door.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Nov 6 03:16:34 2004