[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Checkout hooks? (summary and script implementation)

From: Mathias Weinert <mathias.weinert_at_gfa-net.de>
Date: 2006-03-28 10:55:57 CEST

Ryan Schmidt wrote:

> So, now you have a reason to install Apache and upgrade to Subversion
> 1.3: svn+ssh does not provide you with post-checkout-or-export or
> post-update hooks; Apache + Subversion 1.3 + my script above does.
>
> I can't speak to your security policies, but if they get in the way
> of you doing what you need to do for your business, then you'd best
> reexamine those security policies. But I really don't know what kind
> of security-related issues you see in an Apache + Subversion server
> that are not present in an SSH + Subversion server.
>
> If you don't want people to be able to browse the repository via the
> web browser, I'm sure you can do that with a simple Apache directive
> like prohibiting all GET requests (since AFAIK real Subversion
> clients get all information via PROPFIND and REPORT requests) or by
> user agent (allowing only user agents like "SVN/1.3.0 (r17949) neon/
> 0.25.4" for example). In any case, you're merely taking away a
> convenience, not a feature, since a user can still browse the
> repository via the command-line client, if perhaps less conveniently.
or any of the big amount of Subversion GUI tools.

Perhaps you should have a look at Subversion 1.3.0. Svnserve now
also can restrict read/write access by path. Maybe this will help
you as you now can give the right people the right access to the
repository *before* anyone gets the wrong content instead of
reacting *after* this has happened.

Nevertheless the pre-update hook may still be a good thing to
restrict access by IPs, to just inform you about anyone who
is doing a checkout or to do any things that you need to do
when someone does a checkout (e. g. add to mailing list).

Mathias

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Mar 28 10:56:53 2006

This is an archived mail posted to the Subversion Users mailing list.