[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Behaviour on minor .control misconfiguration

From: David Brodbeck <brodbd_at_uw.edu>
Date: Tue, 22 Feb 2011 16:12:20 -0800

On Sun, Feb 20, 2011 at 12:36 PM, Daniel creo Haslinger <
creo-23985-subversion_at_blackmesa.at> wrote:

> I am not sure if it is proper behavior to ignore a whole file instead
> of a single misconfigured line.
> Of course there might be some reason to do this I'm not aware of,
> but I can't think of one yet :-)

The only problem I can see is it might result in more access than intended.
 e.g., what if the default is "*=rw", and I do "r=*" in an entry? If it
just works, I might not realize right away that all users still have write

On the other hand, in general the Subversion project maintainers' policy
seems to be to discourage use of path-based access control (see the box on
http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html), so
it's possible you might get some people to agree that having the security
"fail open" is desirable here.

David Brodbeck
System Administrator, Linguistics
University of Washington
Received on 2011-02-23 01:12:54 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.