[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: AW: Logging Subversion client HTTP requests

From: Andreas Krey <a.krey_at_gmx.de>
Date: Mon, 1 Aug 2011 10:20:44 +0200

On Mon, 01 Aug 2011 08:57:52 +0000, Markus Schaber wrote:
...
> Hmm. For http(s)://, svn:// and well set-up svn+ssh:// servers, he
> should not be able to create repository corruption, right? I would
> consider everything else to be a serious security bug in subversion.

Setting invalid svn:mergeinfo counts as repository corruption? Then it's possible.

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
Received on 2011-08-01 10:21:44 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.