[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Path based authz - problem with rules for moved/deleted content

From: Schmidt, Michael <Michael.Schmidt_at_mevis.fraunhofer.de>
Date: Wed, 13 Feb 2013 09:30:01 +0000

Hello,

In my research institute we are using SVN with path based access control via mod_svn_authz. Now I am facing the problem that we had some code within our trunk folder which is only accessible to a subgroup of developers. In order to protect it from unauthorized access we added an access restriction for that code. Unfortunately, we learned the hard way that this is not really a good thing to do since it prevents all other users from being able to branch the trunk folder. Obviously, even after moving the "confidential" code to a different location we still have to keep the old authz rules in place in order to prevent leaking the code to unauthorized developers through the history access. Unfortunately, the existence of these rules continues to prevent non-privileged developers rules from being allowed to copy the trunk, although no content in the trunk is actually matched by the rules anymore. Currently, the only solution to this problem that I see would be to move the (now cleaned) trunk to a new location for which no such conflicting rules exist. However, we would rather use this as a last resort and prefer a solution that let's us continue to use the current structure. This is especially true since it could happen that somebody again commits confidential information to the trunk which then needs to be protected when we notice it.

Is anybody aware of a good way to deal with this kind of issues? Or is there any development going on to support such things in future versions, e.g. by allowing to configure revision ranges for which rules apply? I would appreciate any helpful hints on how one could deal with this topic now or in foreseeable future.

Best regards, Michael

------------------------------------------
Michael Schmidt
Fraunhofer MEVIS
Institute for Medical Image Computing
Universitaetsallee 29
28359 Bremen

Phone: +49-421-218-59273
Fax: +49-421-218-98-59273

Email: michael.schmidt_at_mevis.fraunhofer.de<mailto:michael.schmidt_at_mevis.fraunhofer.de>
Web: http://www.mevis.fraunhofer.de
------------------------------------------
Received on 2013-02-13 11:05:33 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.