[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: noob question

From: Brett Sutton <bsutton_at_idatam.com.au>
Date: 2005-01-12 09:57:28 CET

Roel Harbers wrote:

> Robert P. J. Day wrote:
>
>> On Tue, 11 Jan 2005, Patrick Burleson wrote:
>>
>>
>>> On Tue, 11 Jan 2005 14:02:51 -0800, Joshua Kolden
>>> <joshua@crackcreative.com> wrote:
>>>
>>>> Hmm, thanks but I get :
>>>> svn: '.' is not a working copy.
>>>>
>>>> I'm talking about listing the different projects on the server without
>>>> prior knowledge of the projects, and without having anything
>>>> (relevant)
>>>> currently checked out.
>>>>
>>>> j
>>>>
>>>
>>> can you show us your exact command line?
>>>
>>> what happens if you issue the following command:
>>>
>>> svn ls http://svn.collab.net/repos/svn/
>>
>>
>>
>> i think there might be some confusion between listing the
>> *repositories* on a server versus listing the *projects* in a single
>> repository, given that you already know the name of that repository.
>>
>> the latter is easy. the former is not (at least immediately) obvious.
>>
>> rday
>
>
> From what I understand, this is not possible for security reasons.
>
> If you don't know the repo name, you have no business accessing it, or
> something to that effect. It's like a web server denying directory
> listing.
>
> Regards,
>
> Roel Harbers

I never had much time for the security by obscurity argument, especially
if it removes a useful feature.
If you were to follow that argument to its (absurd) conclusion then you
shouldn't be able to list the files or directories in a repository
unless you already know their names (which is pretty much what a web
server does).

Being able to list the repo's at a url seems to be extremely useful and
the security issues can be dealt with via an appropriate security model.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jan 12 13:25:44 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.