
Re: restricting sub-directory permissions

From: C. Michael Pilato <cmpilato_at_collab.net>
Date: Mon, 21 Dec 2009 19:56:25 -0500

See my comment on the blog post, Gabriel. Did you actually *test* my
workaround, or are you speculating based on your understanding of the theory
of it? I'm happy to address actual problems found in the workaround --
*very happy*, in fact, since I'm using the workaround myself to protect
private information! But as far as I know, it works as advertised.

Gabriel Ricardo wrote:
> Hi Jon,
> The link you sent was helpful and the final workaround mentioned in
> the article seems to work, except one thing...
> There seems to be a security hole, which is that web-browsing of the
> restricted sub-directory is still possible using the anonymous-open
> URL. Thus, the solution does not seem to be feasible. I'll follow up
> by commenting directly on the author's article, but if anyone has any
> other suggestions, it would be greatly appreciated.
>
> Thanks,
>
>
> On Sun, Dec 20, 2009 at 10:36 PM, Gabriel Ricardo
> <gabriel.ricardo_at_gmail.com> wrote:
>> Thanks for all the responses. I tried all of the suggestions, but
>> unfortunately none of them worked. I also downloaded and installed
>> subversion 1.6.5, along with apache 2.2.14 to see if maybe I needed
>> more recent versions. I still have the same strange behavior, where
>> either the sub-directory appears to users as if it does not exist, or
>> all users can access it. Very frustrating. Seems like this is an
>> area of subversion functionality that would greatly benefit from some
>> more documentation, or some subversion developers troubleshooting why
>> this breaks down for so many users.
>>
>>
>>
>> On Thu, Dec 17, 2009 at 3:08 AM, Jon Foster <Jon.Foster_at_cabot.co.uk> wrote:
>>> Hi,
>>>
>>> Gabriel Ricardo wrote:
>>>> I cannot figure out how to restrict permissions on a sub-directory.
>>>> What I want is to have anonymous read/write access to everything
>>>> except a sub-directory, where only two users have read/write and
>>>> everyone else has no access (read or write). I've done a lot of
>>> This looks relevant:
>>>
>>> http://blogs.open.collab.net/svn/2007/03/authz_and_anon_.html
>>>>> Since anonymous users can checkout the tree, Apache never bothers
>>>>> to query you for authentication credentials. And you can't force
>>>>> Subversion to transmit authentication credentials when Apache
>>>>> hasn't asked for them.
>>> There are workarounds documented in the blog post.
>>>
>>> Kind regards,
>>>
>>> Jon

-- 
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

Received on 2009-12-22 01:57:06 CET

This is an archived mail posted to the Subversion Users mailing list.
