>> From the apache web page tutorial on .htaccess files....
>
> < snip>
> There are two main reasons to avoid the use of .htaccess files.
>
> The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, Apache will look in every directory for .htaccess files. Thus, permitting .htaccess files causes a performance hit, whether or not you actually even use them! Also, the .htaccess file is loaded every time a document is requested.
>
> < snip>
>
> The security flaw is that should the person setting up the server forgets to prevent downloads of .ht* then he/she could potentially leave a gaping hole in their security. Not everyone who uses websvn is going to be a web security guru, god knows I'm not and it scares me that I could accidentally leave my entire site open to the entire world.
While these advices from the Apache documentation are useful to guide an admin what he should consider when setting up a webserver.
I still consider .htaccess files a practicable way to perform authentication.
> The addition of authentication to sebsvn would also put you a cut above the rest of the crowd, none of whom seem to implement it either.
Again, I definitely agree that this would be a good feature.
But due to job-related duties I do not have the time to implement new features.
Realizing new features requires someone to step up with an implementation.
Contributions are very welcome and I would be happy to integrate new features.
Dirk
------------------------------------------------------
http://websvn.tigris.org/ds/viewMessage.do?dsForumId=1547&dsMessageId=2877788To unsubscribe from this discussion, e-mail: [
dev-unsubscribe@...].
