You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Greg Thomas <Gr...@TheThomasHome.co.uk> on 2006/02/23 15:38:21 UTC
PATCH: FAQ update re. preventing browsing of .svn
[[[
* www/faq.html (website-auto-update): Use a much simpler 404 error to
prevent browsing of the admin directory.
]]]
Re: PATCH: FAQ update re. preventing browsing of .svn
Posted by Greg Thomas <gr...@gmail.com>.
On 2/25/06, Max Bowsher <ma...@ukf.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Greg Thomas wrote:
> > [[[
> > * www/faq.html (website-auto-update): Use a much simpler 404 error to
> > prevent browsing of the admin directory.
> > ]]]
>
> But the existing version is more accurate (403 vs. 404), and is clearly
> an access restriction, instead of being disguised as a redirect, so I
> prefer to maintain the existing version.
It stuck me that whilst 403 is more accurate, if you're trying to
disguise the fact that WWW site is a working copy, a 404 may be more
appropriate.
However, I'm not too worred; just thought I'd bring it up as I spotted
it whilst browsing the FAQ - I did compose an email to bring it up,
but then it struck me as just as easy to submit a patch as a
discussion point.
Greg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: PATCH: FAQ update re. preventing browsing of .svn
Posted by André Malo <nd...@perlig.de>.
* Max Bowsher wrote:
> Greg Thomas wrote:
> > [[[
> > * www/faq.html (website-auto-update): Use a much simpler 404 error to
> > prevent browsing of the admin directory.
> > ]]]
>
> But the existing version is more accurate (403 vs. 404), and is clearly
> an access restriction, instead of being disguised as a redirect, so I
> prefer to maintain the existing version.
Well, firest it's not a redirect, it's just the directive, which only
happens to set the status code. It could be 403 as well.
Second, IMHO, the versions are equally accurate, it just depends on the
perspective. With 403 you tell via HTTP that you support these .svn/* URLs
but for whatever reason, the client is not allowed to see them. With 404
you just move those URLs away from the URL space. URL space and filesystem
don't have to match exactly. You know that of course ;-) it's just to
explain the POV.
nd
--
"Solides und umfangreiches Buch"
-- aus einer Rezension
<http://pub.perlig.de/books.html#apache2>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: PATCH: FAQ update re. preventing browsing of .svn
Posted by Max Bowsher <ma...@ukf.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greg Thomas wrote:
> [[[
> * www/faq.html (website-auto-update): Use a much simpler 404 error to
> prevent browsing of the admin directory.
> ]]]
But the existing version is more accurate (403 vs. 404), and is clearly
an access restriction, instead of being disguised as a redirect, so I
prefer to maintain the existing version.
Max.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
iD8DBQFEAD2WfFNSmcDyxYARAgnzAKDBPQ3HccQj4hrzzY7yRzfnQPgHPwCg1wH/
Ed316VYmj9wUTCARC6/u+vw=
=wFNB
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org