> -----Original Message-----
> From: Andy Canfield [mailto:andy.canfield_at_pimco.mobi]
> Sent: 29 July 2011 02:27
> To: Geoff Hoffman
> Cc: Nico Kadel-Garcia; users_at_subversion.apache.org
> Subject: Re: disable security hole in svn+ssh?
> Apparently, regardless of the protocol, the Subversion
> library code always checks $SVNParentPath/$Repository/conf/*
> and obeys svnserve.conf and authz. So I need to learn to use
> that effectively.
I am fairly certain that you are wrong about this, only svnserve looks
at the svnserve.conf and I believe that you can safely remove this file
if you do not use svnserve. In fact the first lines of the default file
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
Apache httpd access would not use it at all and will only apply authz if
you use the AuthzSVNAccessFile directive...
~ mark c
Received on 2011-07-29 09:11:24 CEST