RE: disable security hole in svn+ssh?

From: Cooke, Mark <mark.cooke_at_siemens.com>
Date: Fri, 29 Jul 2011 08:10:18 +0100

> -----Original Message-----
> From: Andy Canfield [mailto:andy.canfield_at_pimco.mobi]
> Sent: 29 July 2011 02:27
> To: Geoff Hoffman
> Cc: Nico Kadel-Garcia; users_at_subversion.apache.org
> Subject: Re: disable security hole in svn+ssh?

<snip>

> Apparently, regardless of the protocol, the Subversion
> library code always checks $SVNParentPath/$Repository/conf/*
> and obeys svnserve.conf and authz. So I need to learn to use
> that effectively.

<snip>

I am fairly certain that you are wrong about this, only svnserve looks
at the svnserve.conf and I believe that you can safely remove this file
if you do not use svnserve. In fact the first lines of the default file
are:

### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

Apache httpd access would not use it at all and will only apply authz if
you use the AuthzSVNAccessFile directive...

~ mark c
Received on 2011-07-29 09:11:24 CEST

This message: [ Message body ]
Next message: Himanshu Raina: "Post Commit Hook Script !!"
Previous message: Cooke, Mark: "RE: SVNParent authz"
In reply to: Andy Canfield: "Re: disable security hole in svn+ssh?"
Next in thread: Andy Canfield: "Re: disable security hole in svn+ssh?"
Reply: Andy Canfield: "Re: disable security hole in svn+ssh?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]