See my comment on the blog post, Gabriel. Did you actually *test* my workaround, or are you speculating based on your understanding of the theory of it. I'm happy to address actual problems found in the workaround -- *very happy*, in fact, since I'm using the workaround myself to protect private information! But as far as I know, it works as advertised.
Gabriel Ricardo wrote: > Hi Jon, > The link you sent was helpful and the final workaround mentioned in > the article seems to work, except one thing... > There seems to be a security hole, which is that web-browsing of the > restricted sub-directory is still possible using the anonymous-open > URL. Thus, the solution does not seem to be feasible. I'll followup > by commenting directly on the authors article, but if anyone has any > other suggestions, it would be greatly appreciated. > > Thanks, > > > On Sun, Dec 20, 2009 at 10:36 PM, Gabriel Ricardo > <[email protected]> wrote: >> Thanks for all the responses. I tried all of the suggestions, but >> unfortunately none of them worked. I also downloaded and installed >> subversion 1.6.5, along with apache 2.2.14 to see if maybe I needed >> more recent versions. I still have the same strange behavior, where >> either the sub-directory appears to users as if it does not exist, or >> all users can access it. Very frustrating. Seems like this is an >> area of subversion functionality that would greatly benefit from some >> more documentation, or some subversion developers troubleshooting why >> this breaks down for so many users. >> >> >> >> On Thu, Dec 17, 2009 at 3:08 AM, Jon Foster <[email protected]> wrote: >>> Hi, >>> >>> Gabriel Ricardo wrote: >>>> I cannot figure out how to restrict permissions on a sub-directory. >>>> What I want is to have anonymous read/write access to everything >>>> except a sub-directory, where only two users have read/write and >>>> everyone else has no access (read or write). I've done a lot of >>> This looks relevant: >>> >>> http://blogs.open.collab.net/svn/2007/03/authz_and_anon_.html >>>>> Since anonymous users can checkout the tree, Apache never bothers >>>>> to query you for authentication credentials. And you can't force >>>>> Subversion to transmit authentication credentials when Apache >>>>> hasn't asked for them. >>> There are workarounds documented in the blog post. >>> >>> Kind regards, >>> >>> Jon >>> >>> >>> ********************************************************************** >>> This email and its attachments may be confidential and are intended solely >>> for the use of the individual to whom it is addressed. Any views or >>> opinions expressed are solely those of the author and do not necessarily >>> represent those of Cabot Communications Ltd. >>> >>> If you are not the intended recipient of this email and its attachments, >>> you must take no action based upon them, nor must you copy or show them to >>> anyone. >>> >>> Cabot Communications Limited >>> Verona House, Filwood Road, Bristol BS16 3RY, UK >>> +44 (0) 1179584232 >>> >>> Co. Registered in England number 02817269 >>> >>> Please contact the sender if you believe you have received this email in >>> error. >>> >>> ********************************************************************** >>> >>> >>> ______________________________________________________________________ >>> This email has been scanned by the MessageLabs Email Security System. >>> For more information please visit http://www.messagelabs.com/email >>> ______________________________________________________________________ >>> -- C. Michael Pilato <[email protected]> CollabNet <> www.collab.net <> Distributed Development On Demand
signature.asc
Description: OpenPGP digital signature
