[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Forcing the association of the author

From: Andy Levy <andy.levy_at_gmail.com>
Date: Mon, 15 Oct 2012 20:39:25 -0400

On Mon, Oct 15, 2012 at 5:37 PM, Gautier DI FOLCO
<gautier.difolco_at_gmail.com> wrote:
> I have an SVN repository requestable via Apache HTTPD Server 2.2.8. I want
> to
>
> allow anyone to update or commit on it but I want a committer name. So I
> must
>
> force the clients to provide an username but I don't want to check his
> password.
>
> I try this:
>
> <Location /svn>
> DAV svn
> SVNParentPath /www/svn
> AuthName "SVN Auth"
> AuthType Basic
> Anonymous_NoUserId off
> Anonymous_MustGiveEmail off
> Anonymous_VerifyEmail off
> Anonymous_LogEmail off
> Require valid-user
> </Location>
>
> But it fails.
>
> Have you got on idea on how to do this?

You cannot allow anonymous commits if you want to capture the
committer's name. IOW, you need to require authentication and that
requires that you prompt for a password (also, consider this: if you
don't enforce passwords, a malicious user can commit things to the
repository and impersonate someone else - do you *really* want a
complete lack of accountability?). See
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authn
Received on 2012-10-16 02:40:37 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.