« Return to Thread: [WebSVN] SVN Access rights question.
Re: [WebSVN] SVN Access rights question.
by Dirk Thomas-3
::
Rate this Message:
> Actually, this is not an acceptable answer, in fact it smacks of a
> cop-out.
I don't now why you think the answer is "not acceptable".
I only described the current state of WebSVN - what is supported and what is not.
Calling it "smacks of a cop-out" is not quite appropriate.
> .htaccess is both insecure and causes performance penalties
> at the server side.
What makes you think that .htaccess is insecure?
There are numerous different authentication and authorization methods which can be used in a .htaccess file.
Claiming that all of them are insecure seems to be very dubious...
Why do you think that implementing an authentication method in PHP would make it faster?
> I uninstalled websvn and installed viewvc. Guess
> what. They are copping out on this one too from what I can tell.
>
> I MUCH prefer the look and feel of websvn over viewvc but i honestly
> cannot see myself having any use for it if it does not have the
> ability to log people in on a view access. You already have the
> ability to parse my subversion policy file, why not also log people in
> via the svn users file which contains their passwords? Why does
> nobody already do this?
As mentioned in my previous message: WebSVN does (currently) not handle authentication but only authorization.
Implementing authentication based on a SVN users file would definitely be possible.
But letting the webserver handle authentication and only deal with the authorization is a) simpler and b) enables to use any available authentication method.
Think about digest, LDAP, whatever - if WebSVN would like to support all of them they must all be implemented in PHP (or find a PHP library which provides the functionality).
An attempt to enable "mixed anon/auth authentication and login/logoff" without implementing authentication has been made in June 2010.
Please see the respective conversation on the mailing list for more details.
I do agree that such a feature would be very useful.
Since this is an open source project please feel free to contribute patches to improve functionality.
Dirk
------------------------------------------------------
http://websvn.tigris.org/ds/viewMessage.do?dsForumId=1547&dsMessageId=2877770
To unsubscribe from this discussion, e-mail: [dev-unsubscribe@...].
> cop-out.
I don't now why you think the answer is "not acceptable".
I only described the current state of WebSVN - what is supported and what is not.
Calling it "smacks of a cop-out" is not quite appropriate.
> .htaccess is both insecure and causes performance penalties
> at the server side.
What makes you think that .htaccess is insecure?
There are numerous different authentication and authorization methods which can be used in a .htaccess file.
Claiming that all of them are insecure seems to be very dubious...
Why do you think that implementing an authentication method in PHP would make it faster?
> I uninstalled websvn and installed viewvc. Guess
> what. They are copping out on this one too from what I can tell.
>
> I MUCH prefer the look and feel of websvn over viewvc but i honestly
> cannot see myself having any use for it if it does not have the
> ability to log people in on a view access. You already have the
> ability to parse my subversion policy file, why not also log people in
> via the svn users file which contains their passwords? Why does
> nobody already do this?
As mentioned in my previous message: WebSVN does (currently) not handle authentication but only authorization.
Implementing authentication based on a SVN users file would definitely be possible.
But letting the webserver handle authentication and only deal with the authorization is a) simpler and b) enables to use any available authentication method.
Think about digest, LDAP, whatever - if WebSVN would like to support all of them they must all be implemented in PHP (or find a PHP library which provides the functionality).
An attempt to enable "mixed anon/auth authentication and login/logoff" without implementing authentication has been made in June 2010.
Please see the respective conversation on the mailing list for more details.
I do agree that such a feature would be very useful.
Since this is an open source project please feel free to contribute patches to improve functionality.
Dirk
------------------------------------------------------
http://websvn.tigris.org/ds/viewMessage.do?dsForumId=1547&dsMessageId=2877770
To unsubscribe from this discussion, e-mail: [dev-unsubscribe@...].
« Return to Thread: [WebSVN] SVN Access rights question.
| Free embeddable forum powered by Nabble | Forum Help |
