> -----Original Message----- > From: Andy Canfield [mailto:andy.canfi...@pimco.mobi] > Sent: 29 July 2011 02:27 > To: Geoff Hoffman > Cc: Nico Kadel-Garcia; users@subversion.apache.org > Subject: Re: disable security hole in svn+ssh?
<snip> > Apparently, regardless of the protocol, the Subversion > library code always checks $SVNParentPath/$Repository/conf/* > and obeys svnserve.conf and authz. So I need to learn to use > that effectively. <snip> I am fairly certain that you are wrong about this, only svnserve looks at the svnserve.conf and I believe that you can safely remove this file if you do not use svnserve. In fact the first lines of the default file are: ### This file controls the configuration of the svnserve daemon, if you ### use it to allow access to this repository. (If you only allow ### access through http: and/or file: URLs, then this file is ### irrelevant.) Apache httpd access would not use it at all and will only apply authz if you use the AuthzSVNAccessFile directive... ~ mark c
