
Re: restricting sub-directory permissions

From: Gabriel Ricardo <gabriel.ricardo_at_gmail.com>
Date: Mon, 21 Dec 2009 17:28:49 -0800

Ah, thanks for your response. I found my problem. I certainly did
try the workaround, but after your response I thought again about my
testing and setup. A simple oversight skewed my test results. I
first logged into the restricted svn URL using proper
username/password. I then tested the anonymous/open URL using the
same browser session, which apparently cached my credentials and
allowed the access. After your reply I tested using a different
browser session, and the directory was not accessible without
proper login. I think the caching of the authentication credentials
can easily lead someone astray when testing this setup, both from a
browser and from the svn client. Of course the svn client also
prompts for username/password, which if entered correctly once, is
then cached and used for future access. I believe this also skewed
some of my earlier testing from the svn client. I'll have to look
into how to disable this automatic caching, but the setup will work
for me.

Thanks a ton.

-Gabriel

On Mon, Dec 21, 2009 at 4:56 PM, C. Michael Pilato <cmpilato_at_collab.net> wrote:
> See my comment on the blog post, Gabriel.  Did you actually *test* my
> workaround, or are you speculating based on your understanding of the theory
> of it?  I'm happy to address actual problems found in the workaround --
> *very happy*, in fact, since I'm using the workaround myself to protect
> private information!  But as far as I know, it works as advertised.
>
> Gabriel Ricardo wrote:
>> Hi Jon,
>> The link you sent was helpful and the final workaround mentioned in
>> the article seems to work, except one thing...
>> There seems to be a security hole, which is that web-browsing of the
>> restricted sub-directory is still possible using the anonymous-open
>> URL.  Thus, the solution does not seem to be feasible. I'll follow up
>> by commenting directly on the author's article, but if anyone has any
>> other suggestions, it would be greatly appreciated.
>>
>> Thanks,
>>
>>
>> On Sun, Dec 20, 2009 at 10:36 PM, Gabriel Ricardo
>> <gabriel.ricardo_at_gmail.com> wrote:
>>> Thanks for all the responses.   I tried all of the suggestions, but
>>> unfortunately none of them worked.  I also downloaded and installed
>>> subversion 1.6.5, along with apache 2.2.14 to see if maybe I needed
>>> more recent versions.  I still have the same strange behavior, where
>>> either the sub-directory appears to users as if it does not exist, or
>>> all users can access it.  Very frustrating.  Seems like this is an
>>> area of subversion functionality that would greatly benefit from some
>>> more documentation, or some subversion developers troubleshooting why
>>> this breaks down for so many users.
>>>
>>>
>>>
>>> On Thu, Dec 17, 2009 at 3:08 AM, Jon Foster <Jon.Foster_at_cabot.co.uk> wrote:
>>>> Hi,
>>>>
>>>> Gabriel Ricardo wrote:
>>>>> I cannot figure out how to restrict permissions on a sub-directory.
>>>>> What I want is to have anonymous read/write access to everything
>>>>> except a sub-directory, where only two users have read/write and
>>>>> everyone else has no access (read or write).  I've done a lot of
>>>> This looks relevant:
>>>>
>>>> http://blogs.open.collab.net/svn/2007/03/authz_and_anon_.html
>>>>>> Since anonymous users can checkout the tree, Apache never bothers
>>>>>> to query you for authentication credentials. And you can't force
>>>>>> Subversion to transmit authentication credentials when Apache
>>>>>> hasn't asked for them.
>>>> There are workarounds documented in the blog post.
>>>>
>>>> Kind regards,
>>>>
>>>> Jon
>
>
> --
> C. Michael Pilato <cmpilato_at_collab.net>
> CollabNet   <>   www.collab.net   <>   Distributed Development On Demand
>
>
Received on 2009-12-22 02:29:27 CET
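
The testing pitfall described in the top message of this thread (credentials cached by the browser or the svn client making the restricted directory look reachable through the open URL) can be ruled out by repeating the test with clients that hold no credentials. The script below is an added example, not part of the thread; its two arguments (the open repository URL and the name of the restricted sub-directory) are placeholders for your own setup.

```shell
#!/bin/sh
# Added example: re-test the open URL with no cached credentials in play.
# Both arguments are placeholders for your own setup (assumptions):
#   $1 = anonymous/open repository URL, $2 = restricted sub-directory name.

# Translate an HTTP status into an access verdict.
classify() {
  case "$1" in
    2??)     echo allowed ;;      # content was served
    401|403) echo denied ;;       # credentials demanded, or forbidden
    *)       echo unexpected ;;   # 404, 5xx, or 000 when curl cannot connect
  esac
}

# Status for an unauthenticated GET. -q (first option) skips ~/.curlrc, and
# curl sends no stored passwords or cookies unless told to.
anon_http_status() {
  curl -q -s -o /dev/null -w '%{http_code}' "$1"
}

# Same question via the svn client. An empty --config-dir hides credentials
# cached under ~/.subversion/auth; --no-auth-cache stores nothing new;
# --non-interactive makes svn fail instead of prompting.
anon_svn_can_list() {
  cfg=$(mktemp -d) || return 2
  if svn ls --non-interactive --no-auth-cache --config-dir "$cfg" "$1" >/dev/null 2>&1
  then rc=0; else rc=1; fi
  rm -rf "$cfg"
  return "$rc"
}

# check EXPECTED ACTUAL LABEL: print PASS/FAIL, non-zero on mismatch.
check() {
  if [ "$1" = "$2" ]; then echo "PASS $3 ($2)"; return 0; fi
  echo "FAIL $3: expected $1, got $2"; return 1
}

main() {
  fails=0
  check allowed "$(classify "$(anon_http_status "$1/")")" "anon HTTP $1/" || fails=1
  check denied "$(classify "$(anon_http_status "$1/$2/")")" "anon HTTP $1/$2/" || fails=1
  if anon_svn_can_list "$1/$2"; then got=allowed; else got=denied; fi
  check denied "$got" "anon svn ls $1/$2" || fails=1
  return "$fails"
}

if [ "$#" -eq 2 ]; then main "$@"; fi
```

Treat the svn result as meaningful only when the two HTTP checks pass, since an unreachable server also makes `svn ls` fail.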

This is an archived mail posted to the Subversion Users mailing list.
