subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Brodbeck <bro...@uw.edu>
Subject Re: Behaviour on minor .control misconfiguration
Date Wed, 23 Feb 2011 00:12:20 GMT
On Sun, Feb 20, 2011 at 12:36 PM, Daniel creo Haslinger <
creo-23985-subversion@blackmesa.at> wrote:

> I am not sure if it is proper behavior to ignore a whole file instead
> of a single misconfigured line.
>
> Of course there might be some reason to do this I'm not aware of,
> but I can't think of one yet :-)
>

The only problem I can see is it might result in more access than intended.
 e.g., what if the default is "*=rw", and I do "r=*" in an entry?  If it
just works, I might not realize right away that all users still have write
access.

On the other hand, in general the Subversion project maintainers' policy
seems to be to discourage use of path-based access control (see the box on
http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html), so
it's possible you might get some people to agree that having the security
"fail open" is desirable here.

-- 
David Brodbeck
System Administrator, Linguistics
University of Washington

Mime
View raw message