
Re: SVNListParentPath without path based authz checks?

From: Eric Johnson <eric_at_tibco.com>
Date: Mon, 10 Aug 2015 13:55:45 -0700

Curious. You've come to the opposite conclusion from what we've deployed at
my company.

We let Subversion limit the listed repositories, and we have a separate
generated list of repositories.

That way, you're not playing with Subversion's access file to try to get it
right. Leave that alone, and show the list elsewhere. Seems safer, from a
security perspective - in that you cannot accidentally expose what you
don't want to.

Eric.

On Mon, Aug 10, 2015 at 11:22 AM, Thorsten Schöning <tschoening_at_am-soft.de>
wrote:

> Hi all,
>
> I'm currently trying to implement access to my svn repos using
> mod_dav_svn and all my repos have an authz file to define who can
> access which paths. I would like to be able to have a listing of all
> available repos without the need for any authorization, but instead
> only if any path within the repo gets accessed authorization should be
> required.
>
> My configuration is as follows:
>
> > <Location "/bin">
> > DAV svn
> > SVNParentPath /home/ams_svn_repos/Bin
> > SVNListParentPath On
> > AuthzSVNReposRelativeAccessFile authz
> > </Location>
>
> The problem now is that my repos are only visible in the dir listing
> if I change my authz file to give everyone read access in "/", which
> is of course not what I want. If I don't, the repo's name is not
> mentioned in the listing and from reading through the logs I can see
> that the authz file gets processed and specifies denied access.
>
> If I remove the processing of the authz file the listing works of
> course, but I need path based access checking for the contents of the
> repo.
>
> Is this behavior by design or am I doing something wrong? From my
> point of view "SVNListParentPath" is managed outside of the repo and
> therefore authz should be ignored on that level.
>
> Thanks for your input!
>
> Kind regards,
>
> Thorsten Schöning
>
> --
> Thorsten Schöning E-Mail: Thorsten.Schoening_at_AM-SoFT.de
> AM-SoFT IT-Systeme http://www.AM-SoFT.de/
>
> Phone.............05151- 9468- 55
> Fax...............05151- 9468- 88
> Mobile.............0178-8 9468- 04
>
> AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
> AG Hannover HRB 207 694 - Managing Director: Andreas Muchow
>
>
Received on 2015-08-10 22:56:16 CEST
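
The approach described in the reply above, a repository list generated separately from Subversion's authz handling, could be produced by a script like the following. This is an added example, not code from either poster; the output file path and the rule for recognising a repository (a top-level `format` file plus a `db` directory) are assumptions.

```python
#!/usr/bin/env python3
"""Build a static repository index for an SVNParentPath directory."""
import html
import os
import sys
from urllib.parse import quote


def find_repos(parent_path):
    """Return sorted names of subdirectories that look like Subversion repositories."""
    names = []
    for entry in os.scandir(parent_path):
        # Skip hidden entries and symlinks so nothing outside the parent is listed.
        if entry.name.startswith(".") or entry.is_symlink() or not entry.is_dir():
            continue
        # Assumption: a repository has a top-level 'format' file and a 'db' directory.
        if (os.path.isfile(os.path.join(entry.path, "format"))
                and os.path.isdir(os.path.join(entry.path, "db"))):
            names.append(entry.name)
    return sorted(names)


def render_index(names, base_url):
    """Render an HTML list; names are escaped because they come from the filesystem."""
    base = html.escape(base_url.rstrip("/"), quote=True)
    items = "\n".join(
        '  <li><a href="{0}/{1}/">{2}</a></li>'.format(base, quote(name), html.escape(name))
        for name in names)
    return "<!DOCTYPE html>\n<title>Repositories</title>\n<ul>\n" + items + "\n</ul>\n"


def write_index(parent_path, base_url, out_file):
    """Write the index atomically so the web server never serves a partial file."""
    page = render_index(find_repos(parent_path), base_url)
    tmp = out_file + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        fh.write(page)
    os.replace(tmp, out_file)
    return page


# Constructed invocation (the output path is hypothetical):
#   repo_index.py /home/ams_svn_repos/Bin /bin /var/www/html/repos.html
if __name__ == "__main__" and len(sys.argv) == 4:
    write_index(sys.argv[1], sys.argv[2], sys.argv[3])
```

Serving the generated file from outside the `<Location "/bin">` block leaves `AuthzSVNReposRelativeAccessFile` and the authz files unchanged, so path-based checks still apply to everything inside each repository.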

This is an archived mail posted to the Subversion Users mailing list.