Holger Stratmann wrote:
> Michal Levý wrote:
>
>> Relocating wc to uppercase repo name works great! thanks for
>> suggestions....
>>
>> Still. This behavior were introduced by 1.3.0 and it seems to me like
>> a inconsistency.
>> SVN client works without complaints with different cased repo names
>> (maybe only on Windows), why authorization mechanism don't ?
>
> This is not uncommon (only on Windows!). The authorization is operating
> "in memory" and comparing strings. That's always case sensitive by
> default (unless specifically made case insensitive).
> Accessing the repository goes to the file system and requests a
> directory called "TVM" - Windows happily returns "tvm" or "Tvm" or
> whatever.
>
> I am wondering if THAT is acceptable behavior for Subversion?
If below is working, then it certainly is not!
> AFAIK, this should work (not that I'm doing it):
>
> [/]
> * = r
>
> [secret:/]
> * =
> me = rw
>
> Am I wrong?
>
> On Windows, that's now heavily broken, because I could still access
> "Secret" or "seCret" or something like that as an anonymous user, right?
Not sure that will work, and I am more than half asleep now... Will test
tomorrow. If that works... we'll have a HUGE hole in security... I hope it
does not.
> I think this should be changed in one of two ways:
> a) make authentication case insensitive on Windows (seems like it was in
> 1.2.3? However, on other operating systems it has to be case sensitive,
> so maybe it was "fixed for *nix" in 1.3.0? :-) Or it's actually a
> (regression) bug)
not a good idea
> b) make repository access case sensitive even on Windows (a case
> preserving version of the filename is available from the Win API if you
> want it)
times better
Kalin.
--
|[ ~~~~~~~~~~~~~~~~~~~~~~ ]|
+-> http://ThinRope.net/ <-+
|[ ______________________ ]|
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jan 19 21:22:14 2006