Hi Stefan, Stefan Sperling writes: > > > Remote "load" seems scary -- How can I prevent my users from being > > able to use this command? Is the original > > > author of the dumped > > revision preserved, or is the author set to the user doing the load? > > Can users do > > > anything else bad, like changing repo UUID? > > > > Again, I expect that access control/ security is automatically taken > > care of in the RA layer. `svnrdump load` is just like a user making > > some changes and committing them one by one except the author and > > timestamp in the dumpfile are preserved. Why would you want to block > > this? > > Please verify this with testing, instead of just assuming that it works > (not entirely sure if you are simply assuming, but it sounds a bit like it).
I've tested it briefly, but not rigorously. I'll write some unittests soon. > Do we already have unit tests for svnrdump which check for authz interactions? > (A quick look into svnrdump_tests.py suggests that we don't.) No. I'll write them soon. As Bert pointed out, most of the security/ access control issues should be taken care of by the server. I'm more concerned about correct error handling, and bailing out cleanly; for all I know, there might be nothing to fix. -- Ram
