Hi all,
We are actively using authz path-based authentication rules: due to some legal
requirements, some parts of our product source code are not accessible to a
part of the developer team. Currently authz does not support wildcards (there
is an issue about that [1] discussed since 2006). Because of this, each time a
branch is created, authz rules have to be copied and modified for the new
branch.
This leads to a proliferation of authz rules; our authz is currently about
2000 lines and growing. I am currently implementing a post-commit script so
that we would be able to record authz rules on files/directories, and authz
would be appended with new rules every time these files/directories are
copied.
First, I am wondering how well such 'authz' approach would scale. Has anyone
run scalability tests on authz?
Second, I thought that if I am using properties to track authz-controlled
files, SVN server would probably do that more effectively than a post-commit
script. As an added value, property-based authz would allow versioning in
path-based auth configuration that current mechanism does not allow. E.g.,
currently one could either configure path /foo as either R/O, R/W or
unaccessible to user U; it is not possible to configure the path to be
unaccessible before/after a certain revision.
Thoughts? Ideas?
Regards,
Alexey.
[1] http://subversion.tigris.org/issues/show_bug.cgi?id=2662
Received on 2013-10-17 21:00:59 CEST