Fredrik Bostrom wrote:
> Thanks for your tips.
>
> I finally got it working by adding another <Location> element after the
> standard <Location /svn> element, like this:
>
> <Location /svn> <!-- old element -->
> DAV svn
> SVNPath /var/svnroot
> AuthType Basic
> AuthName "Subversion Repository"
> AuthUserFile /etc/apache2/dav_svn.passwd
> AuthzSVNAccessFile /etc/apache2/dav_svn.authz
> Satisfy Any
> Require valid-user
> </Location>
>
> <Location ~ "/svn/.*(secret.file)$"> <!-- new element -->
> AuthType Basic
> AuthName "Restricted read access"
> AuthUserFile /etc/apache2/dav_svn.passwd
> AuthzSVNAccessFile /etc/apache2/dav_svn_noread.authz
> Satisfy Any
> Require valid-user
> </Location>
That *might* be safe, but I do not know enough to be sure. It is possible
that a determined attacker with a comprehensive knowledge of WebDAV/DeltaV
might be able to find a way around that.
Max.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jun 7 18:17:00 2005