subversion-users mailing list archives

From Eric Johnson <e...@tibco.com>
Subject Re: SVNListParentPath without path based authz checks?
Date Mon, 10 Aug 2015 20:55:45 GMT
Curious. You've come to the opposite conclusion from what we've deployed at
my company.

We let Subversion limit the listed repositories, and we have a separate
generated list of repositories.

That way, you're not playing with Subversion's access file to try to get it
right. Leave that alone, and show the list elsewhere. Seems safer, from a
security perspective - in that you cannot accidentally expose what you
don't want to.

Eric.


On Mon, Aug 10, 2015 at 11:22 AM, Thorsten Schöning <tschoening@am-soft.de>
wrote:

> Hi all,
>
> I'm currently trying to implement access to my svn repos using
> mod_dav_svn and all my repos have an authz file to define who can
> access which paths. I would like to be able to have a listing of all
> available repos without the need for any authorization, but instead
> only if any path within the repo gets accessed authorization should be
> required.
>
> My configuration is as follows:
>
> >        <Location "/bin">
> >                DAV                             svn
> >                SVNParentPath                   /home/ams_svn_repos/Bin
> >                SVNListParentPath               On
> >                AuthzSVNReposRelativeAccessFile authz
> >        </Location>
>
> The problem now is that my repos are only visible in the dir listing
> if I change my authz file to give everyone read access in "/", which
> is of course not what I want. If I don't, the repo's name is not
> mentioned in the listing and from reading through the logs I can see
> that the authz file gets processed and specifies denied access.
>
> If I remove the processing of the authz file the listing works of
> course, but I need path based access checking for the contents of the
> repo.
>
> Is this behavior by design or am I doing something wrong? From my
> point of view "SVNListParentPath" is managed outside of the repo and
> therefore authz should be ignored on that level.
>
> Thanks for your input!
>
> Kind regards,
>
> Thorsten Schöning
>
> --
> Thorsten Schöning       E-Mail: Thorsten.Schoening@AM-SoFT.de
> AM-SoFT IT-Systeme      http://www.AM-SoFT.de/
>
> Phone.............05151-  9468- 55
> Fax...............05151-  9468- 88
> Mobile.............0178-8 9468- 04
>
> AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
> AG Hannover HRB 207 694 - Managing Director: Andreas Muchow
>
>
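
Added example, not part of either message and not code from either poster: one way to build the "separate generated list of repositories" described in the reply, so that mod_dav_svn and the authz files are left alone. The opt-in marker file `PUBLISH_NAME`, the function names and the demo tree are assumptions made for illustration; the `/bin/` URL prefix is taken from the quoted `<Location>` block.

```python
import html
import os
import tempfile
from urllib.parse import quote

MARKER = "PUBLISH_NAME"  # hypothetical opt-in file; not a Subversion feature

def is_repository(path):
    # A repository root created by svnadmin holds a 'format' file and a 'db' directory.
    return (os.path.isfile(os.path.join(path, "format"))
            and os.path.isdir(os.path.join(path, "db")))

def list_repositories(parent):
    """Names of repositories directly under parent that carry the opt-in marker."""
    names = []
    for entry in os.scandir(parent):
        # Ignore symlinks so the index never describes anything outside parent.
        if entry.is_symlink() or not entry.is_dir(follow_symlinks=False):
            continue
        if is_repository(entry.path) and os.path.isfile(os.path.join(entry.path, MARKER)):
            names.append(entry.name)
    return sorted(names)

def render_index(names, url_prefix="/bin/"):
    """Static HTML list; names are URL-quoted in links and HTML-escaped in text."""
    items = "\n".join(
        '<li><a href="{}{}/">{}</a></li>'.format(
            html.escape(url_prefix), quote(n, safe=""), html.escape(n))
        for n in names)
    return "<!DOCTYPE html>\n<title>Repositories</title>\n<ul>\n" + items + "\n</ul>\n"

def build_demo_tree(root):
    """Constructed sample: one opted-in repository, one private one, one plain directory."""
    for name, publish in (("public & docs", True), ("internal", False)):
        repo = os.path.join(root, name)
        os.makedirs(os.path.join(repo, "db"))
        open(os.path.join(repo, "format"), "w").close()
        if publish:
            open(os.path.join(repo, MARKER), "w").close()
    os.makedirs(os.path.join(root, "not-a-repo"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        print(render_index(list_repositories(root)))
```

Because a repository appears only when its marker file exists, a newly created repository stays out of the public list until someone decides to publish its name.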
