[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Is there an authenticated no-op in subversion?

From: Daniel Danger Bentley <dtbentley_at_gmail.com>
Date: Mon, 7 Jun 2010 16:31:18 -0400

On Mon, Jun 7, 2010 at 4:27 PM, Rob van Oostrum <rvanoo_at_gmail.com> wrote:

> On Mon, Jun 7, 2010 at 12:03 PM, Daniel Danger Bentley <
> dtbentley_at_gmail.com> wrote:
>
>> I'm working on a system to interact with subversion automatically. Some of
>> the repositories in question work over https, and this requires
>> authentication for certain actions.
>>
>> I would love to separate authentication from action. Is there a way to
>> perform an authenticated no-op (which would fail if not authenticated)? If
>> this did exist, then I could first try this, and perform the hairier actions
>> only once I'm sure I'm authenticated.
>>
>> The best we've been able to come up with at work so far is to do a propset
>> on a revision property.
>>
>> Thanks,
>> -Dan Bentley
>>
>
> You are confusing authentication with authorization. Authentication = "user
> is who they say they are". Authorization = "user has permission to do X"
> (user may or may not be authenticated), which can (and often does) depend on
> both authz configuration and repository hooks.
>
> Authentication can be covered simply by disallowing any non-authenticated
> write access. Predicting authorization is more complicated unless you can
> safely "if test X works, real operation Y should also work".
>
> If all you really need is in fact an authenticated no-op, you should be
> able to run any read operation, which - if you are disallowing anonymous
> access entirely - will only work when already authenticated.
>
>
We don't disallow anonymous access entirely. Anonymous read access is often
allowed.

In this case, I control the client software but not the server. So I would
like to test if things work on the client so I can fail early.

So there is no dry run mode I could try an operation through? If only writes
require authorization, then there is no no-visible-impact way to test
authentication?

Thanks much,
-Dan

> Cheers
> Rob
> 

-- 
"My youngest daughter is 13 months old, and in her limited vocabulary
alongside essentials like 'mom-mom', 'da-da', and 'meow' she knows to say
'zhooom' and wave her arm around when she wants me to get a lightsaber down
off a shelf for her to play with. As far as I'm concerned that's Parent of
the Year Award material right there." - Aurich Lawson
Received on 2010-06-07 22:31:56 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.