Re: Behaviour on minor .control misconfiguration

From: David Brodbeck <brodbd_at_uw.edu>
Date: Tue, 22 Feb 2011 16:12:20 -0800

On Sun, Feb 20, 2011 at 12:36 PM, Daniel creo Haslinger <
creo-23985-subversion_at_blackmesa.at> wrote:

> I am not sure if it is proper behavior to ignore a whole file instead
> of a single misconfigured line.
>
> Of course there might be some reason to do this I'm not aware of,
> but I can't think of one yet :-)
>

The only problem I can see is it might result in more access than intended.
e.g., what if the default is "*=rw", and I do "r=*" in an entry? If it
just works, I might not realize right away that all users still have write
access.

On the other hand, in general the Subversion project maintainers' policy
seems to be to discourage use of path-based access control (see the box on
http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html), so
it's possible you might get some people to agree that having the security
"fail open" is desirable here.

-- 
David Brodbeck
System Administrator, Linguistics
University of Washington

Received on 2011-02-23 01:12:54 CET

This message: [ Message body ]
Next message: Daniel Shahaf: "Re: bug in mixed-version detection + single-file externals"
Previous message: Jason Sachs: "Re: bug in mixed-version detection + single-file externals"
In reply to: Daniel creo Haslinger: "Re: Behaviour on minor .control misconfiguration"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]