
Re: authz_svn_module Per-Directory ACL

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2005-01-25 17:02:10 CET

On Jan 25, 2005, at 9:50 AM, Ben Collins-Sussman wrote:
>
> This problem will go away someday when we stop doing checkouts in a
> single HTTP request/response... that is, when checkouts are done
> through a series of repeated GET requests on every file and dir. That
> will allow the server to demand authentication at any point.
>

Re-reading, my mail sounds a bit confusing. Here's a clearer way to
describe the current mod_dav_svn shortcoming:

   * if the root-dir of the checkout is anonymously readable, then
     Apache never demands authentication, and the entire tree will be read
     anonymously.

   * if the root-dir of the checkout isn't anonymously readable, then
     Apache will demand authentication, and the entire tree will be read as
     that one user.

In other words, there's exactly one chance to authenticate (or not) at
the beginning of checkout, and after that, the client's identity cannot
change.

This explanation should probably go into Chapter 6, until we someday
change the way checkouts work.

Received on Tue Jan 25 17:05:47 2005

This is an archived mail posted to the Subversion Users mailing list.
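
The single authentication decision described in the mail above, as a small Python model; this is an added example, not code from the mail or from mod_dav_svn / mod_authz_svn. The rule table, the tree, the user name `harry` and every function name are constructed for illustration, and the model assumes that paths the chosen identity cannot read are simply left out of the response.

```python
# Simplified model of the one-shot identity decision at the start of a checkout.
# Not Subversion code: rules, paths and names below are constructed.

ANON = None  # an unauthenticated client

# path -> principals with read access; "*" means everyone, including anonymous
RULES = {
    "/": {"*"},
    "/project": {"*"},
    "/project/private": {"harry"},
}

TREE = ["/", "/project", "/project/src",
        "/project/private", "/project/private/keys"]

def rule_for(path, rules):
    """Readers taken from the closest ancestor that has a rule."""
    while True:
        if path in rules:
            return rules[path]
        if path == "/":
            return set()
        path = path.rsplit("/", 1)[0] or "/"

def can_read(user, path, rules):
    readers = rule_for(path, rules)
    return "*" in readers or (user is not None and user in readers)

def checkout(root, credentials, rules, tree):
    """Return (identity, challenged, delivered_paths) for a checkout of root.

    Identity is fixed once, from the readability of the checkout root,
    and never changes while the rest of the tree is read.
    """
    if can_read(ANON, root, rules):
        identity, challenged = ANON, False         # server never asks
    else:
        identity, challenged = credentials, True   # asked exactly once
    prefix = root.rstrip("/") + "/"
    subtree = [p for p in tree if p == root or p.startswith(prefix)]
    # Assumption of this model: unreadable paths are omitted, not challenged.
    delivered = [p for p in subtree if can_read(identity, p, rules)]
    return identity, challenged, delivered

if __name__ == "__main__":
    for root in ("/", "/project/private"):
        print(root, checkout(root, "harry", RULES, TREE))
```

In this model `harry` holds valid credentials in both runs, yet a checkout rooted at `/` never uses them, so the per-directory rule on `/project/private` only takes effect when that directory (or another non-anonymous path) is the checkout root.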
