[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnshell-like client

From: Ryan Schmidt <subversion-2011a_at_ryandesign.com>
Date: Thu, 9 Jun 2011 11:45:24 -0500

On Jun 9, 2011, at 11:35, Rick Varney wrote:

>> (I really, really don't recommend file based access for clients.)
>
> I think you have some good reasons for this last statement,
> but they are not obvious to me. Could you elaborate some
> more on why you don't recommend this?

file:///-protocol-based access is not appropriate for a production repository, because any user can circumvent any hook scripts or access controls you've put in place, and can even delete the entire repository with a couple keystrokes. file:/// protocol is for testing purposes only, before you've gotten around to setting up a server process.

The main point is that file access to the repository must be restricted to just the user the repository is being served under, so that regular users do not have that level of access. But it's probably fine if you have some admin scripts that run on the same server and under that same user and use the file:/// protocol for those.
Received on 2011-06-09 18:46:02 CEST

This is an archived mail posted to the Subversion Users mailing list.