SVN Path-based Authentication Q...
From: BRM <bm_witness_at_yahoo.com>
Date: Tue, 3 Jul 2012 07:32:14 -0700 (PDT)
I am administering a server running Apache Httpd with WebDAV serving a Subversion 1.6.6 repository set on an Ubuntu Server 10.04 LTS.
A while back I setup path-based authentication using mod_authz_svn in addition to the AuthUserFile directive for logins.
My initial update was just to protect the paths in the AuthzSVNAccessFile:
[myrepo:/path/to/protected/area1/protectedItem]
[myrepo:/path/to/protected/area2/protectedItem]
All the protected paths have a common directory name that is not to be accessed.
However, I am concerned that this method will only work until a user (any user) copies a path (e.g. /path/to/protected/area2) to another path, and thus 'protectedItem' becomes available at the new path without anyone realizing it. Ideally I would have something like the following instead of having 6 or so copies of the above:
[myrepo:*/protectedItem]
I looked over the SVN Redbook information and the Apache2 2.2 documentation but could not find anything to say that was supported, etc.
While I realize a better method would be to dump/filter/reload the repository we don't want to do that quite yet as we have a number of working copies on numerous machines that we do not want to invalidate as a result. I am considering it at some point, but only if absolutely necessary.
TIA,
Ben
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.