« Return to Thread: [WebSVN] SVN Access rights question.
RE: Re: [WebSVN] SVN Access rights question.
by webpost
::
Rate this Message:
seems even .htaccess cannot solve the issue i was trying to resolve. Seems i can force everyone to authenticate at http://websvn.mydomain.com but not make them authenticate after getting there and clicking on one of the listed repositories.
this is intended to be a fully open listing of all repositories on the system but should require authentication to view given repositories. I need per repository authentication and .htaccess cannot seem to give me this.
After having spent days trying to resolve this and seeing exactly how many other people over the years have asked for EXACTLY THIS im somewhat stumped as to why you have never implemented it actually.
> >> From the apache web page tutorial on .htaccess files....
> >
> > < snip>
> > There are two main reasons to avoid the use of .htaccess files.
> >
> > The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, Apache will look in every directory for .htaccess files. Thus, permitting .htaccess files causes a performance hit, whether or not you actually even use them! Also, the .htaccess file is loaded every time a document is requested.
> >
> > < snip>
> >
> > The security flaw is that should the person setting up the server forgets to prevent downloads of .ht* then he/she could potentially leave a gaping hole in their security. Not everyone who uses websvn is going to be a web security guru, god knows I'm not and it scares me that I could accidentally leave my entire site open to the entire world.
>
> While these advices from the Apache documentation are useful to guide an admin what he should consider when setting up a webserver.
> I still consider .htaccess files a practicable way to perform authentication.
>
> > The addition of authentication to sebsvn would also put you a cut above the rest of the crowd, none of whom seem to implement it either.
>
> Again, I definitely agree that this would be a good feature.
> But due to job-related duties I do not have the time to implement new features.
>
> Realizing new features requires someone to step up with an implementation.
> Contributions are very welcome and I would be happy to integrate new features.
>
> Dirk
------------------------------------------------------
http://websvn.tigris.org/ds/viewMessage.do?dsForumId=1547&dsMessageId=2877835
To unsubscribe from this discussion, e-mail: [dev-unsubscribe@...].
this is intended to be a fully open listing of all repositories on the system but should require authentication to view given repositories. I need per repository authentication and .htaccess cannot seem to give me this.
After having spent days trying to resolve this and seeing exactly how many other people over the years have asked for EXACTLY THIS im somewhat stumped as to why you have never implemented it actually.
> >> From the apache web page tutorial on .htaccess files....
> >
> > < snip>
> > There are two main reasons to avoid the use of .htaccess files.
> >
> > The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, Apache will look in every directory for .htaccess files. Thus, permitting .htaccess files causes a performance hit, whether or not you actually even use them! Also, the .htaccess file is loaded every time a document is requested.
> >
> > < snip>
> >
> > The security flaw is that should the person setting up the server forgets to prevent downloads of .ht* then he/she could potentially leave a gaping hole in their security. Not everyone who uses websvn is going to be a web security guru, god knows I'm not and it scares me that I could accidentally leave my entire site open to the entire world.
>
> While these advices from the Apache documentation are useful to guide an admin what he should consider when setting up a webserver.
> I still consider .htaccess files a practicable way to perform authentication.
>
> > The addition of authentication to sebsvn would also put you a cut above the rest of the crowd, none of whom seem to implement it either.
>
> Again, I definitely agree that this would be a good feature.
> But due to job-related duties I do not have the time to implement new features.
>
> Realizing new features requires someone to step up with an implementation.
> Contributions are very welcome and I would be happy to integrate new features.
>
> Dirk
------------------------------------------------------
http://websvn.tigris.org/ds/viewMessage.do?dsForumId=1547&dsMessageId=2877835
To unsubscribe from this discussion, e-mail: [dev-unsubscribe@...].
« Return to Thread: [WebSVN] SVN Access rights question.
| Free embeddable forum powered by Nabble | Forum Help |
