On 5/15/14, 1:15 AM, Terry Dooher wrote:
> That's so much clearer now and sounds like something I can definitely use.
> As I understand it, the downside is that the server will reveal path
> components and filenames within restricted areas during log operations?

Don't think you quite understand yet. If Subversion is revealing path components/filenames within restricted areas during log then it can be revealing file contents (by way of the REPORT method and bulk updates).

The short_circuit setting can only break security in this way if and only if you have some other module than mod_authz_svn that looks at paths to determine what access to provide. Many modules may have different configurations per Location, but most don't look at the path like mod_authz_svn does and give different answers within the same Location for the same request. In fact I'm not aware of any such module that does this that comes with httpd, so you'd have to install some 3rd party or custom module to run into this.

Meaning for the vast majority of users if they're using mod_authz_svn they should have SVNPathAuthz set to short_circuit.

The off setting should never be used with mod_authz_svn. It's probably possible to configure things such that you only leak file paths, by disabling bulk updates. But I'm not 100% sure that there isn't an edge case that wouldn't be missed by that.

For the vast majority of users these rules are true:

Using mod_authz_svn with an AuthzSVNAccessFile set you want SVNPathAuthz set to short_circuit.

Not using mod_authz_svn, no AuthzSVNAccessFile set, you want SVNPathAuthz set to off.

The exception is if you use some weird authorization module like I explained above.
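
The two rules above can be checked mechanically against an httpd configuration. The following is an added example, not part of the original message or of Subversion: a small Python audit that reads `<Location>` blocks and reports any whose SVNPathAuthz value disagrees with those rules. The sample configuration, the function names and the verdict strings are constructed for illustration, and the script cannot detect the third-party path-based authorization module exception described above.

```python
import re

# Constructed sample httpd configuration (not from the original message).
SAMPLE_CONF = """\
<Location /svn/private>
  DAV svn
  AuthzSVNAccessFile /etc/svn/authz
  SVNPathAuthz off
</Location>
<Location /svn/team>
  DAV svn
  AuthzSVNAccessFile /etc/svn/authz
  SVNPathAuthz short_circuit
</Location>
<Location /svn/public>
  DAV svn
</Location>
"""

LOCATION_RE = re.compile(r"<Location\s+([^>]+)>(.*?)</Location>", re.S | re.I)

def directive(body, name):
    """Return the last value of a directive in a block, or None if absent."""
    hits = re.findall(rf"^[ \t]*{name}[ \t]+(\S+)", body, re.M | re.I)
    return hits[-1].strip('"') if hits else None

def audit(conf):
    """Map each DAV svn Location to a verdict based on the two rules in the message."""
    results = {}
    for path, body in LOCATION_RE.findall(conf):
        if (directive(body, "DAV") or "").lower() != "svn":
            continue  # not a Subversion location
        has_authz = directive(body, "AuthzSVNAccessFile") is not None
        # mod_dav_svn treats an unset SVNPathAuthz as "on".
        mode = (directive(body, "SVNPathAuthz") or "on").lower()
        if has_authz and mode == "off":
            verdict = "UNSAFE: off with mod_authz_svn"
        elif has_authz and mode != "short_circuit":
            verdict = "CHANGE: use short_circuit"
        elif not has_authz and mode != "off":
            verdict = "CHANGE: use off"
        else:
            verdict = "OK"
        results[path.strip()] = verdict
    return results

if __name__ == "__main__":
    for loc, verdict in audit(SAMPLE_CONF).items():
        print(f"{loc}: {verdict}")
```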