Posted to users@subversion.apache.org by John Les <jl...@bfse.org> on 2007/02/22 01:23:43 UTC

Security Problem

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Arial"><br>
I have a Subversion security problem.&nbsp; Below is my http hierarchy:<br>
<br>
<a class="moz-txt-link-freetext" href="http:/company.org/svn">http:/company.org/svn</a><br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; DirA<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; DirB<br>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; DirC<br>
<br>
Entering in the URL to the top level of the repository (</font><font
 face="Arial"><a class="moz-txt-link-freetext"
 href="http:/company.org/svn">http:/company.org/svn</a> </font><font
 face="Arial">) will
invoke a login window.&nbsp; After entering the proper login the home page
appears consisting of the three directories.&nbsp; If I instead enter&nbsp; </font><font
 face="Arial"><a class="moz-txt-link-freetext"
 href="http:/company.org/svn/DirA">http:/company.org/svn/DirA</a> or
DirB&nbsp; the same login window
appears, as expected.&nbsp; But one directory is insecure.&nbsp; If I enter </font><font
 face="Arial"><a class="moz-txt-link-freetext"
 href="http:/company.org/svn/DirC">http:/company.org/svn/DirC</a>, no
login appears and the web
page is displayed immediately.&nbsp; This is a serious security issue to
us.&nbsp; How can I correct this?<br>
<br>
Thank you,<br>
John Les<br>
<a class="moz-txt-link-abbreviated" href="mailto:jles@bfse.org">jles@bfse.org</a><br>
</font>
</body>
</html>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Security Problem

Posted by Paul <al...@gmail.com>.
John,
If your login credentials are the same, and you did not close your
browser, it is possible that your browser has cached your credentials
and supplied them automatically.

Paul
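
An added example, not part of either message: a credential-free probe that separates the cached-credentials explanation given in the reply from a path the server really does serve without authentication. The local server, its Basic realm and all function names are constructed for illustration; `audit` can be pointed at a real base URL instead.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe_without_credentials(url, timeout=5):
    """Fetch url with no Authorization header; return (status, challenge)."""
    # Bare opener: no auth handler or password manager, and no proxy, so
    # nothing can answer a 401 challenge on our behalf the way a browser does.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("WWW-Authenticate")

def audit(base, paths):
    """Map each path to True when the server challenges an anonymous GET."""
    results = {}
    for path in paths:
        status, challenge = probe_without_credentials(base + path)
        results[path] = status == 401 and challenge is not None
    return results

class ConstructedRepo(BaseHTTPRequestHandler):
    """Constructed stand-in for the layout in the post, with DirC left open."""
    def do_GET(self):
        if self.path.startswith("/svn/DirC"):
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"constructed listing\n")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="constructed"')
            self.end_headers()
    def log_message(self, *args):  # keep the demo output quiet
        pass

def start_constructed_server():
    server = HTTPServer(("127.0.0.1", 0), ConstructedRepo)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]

if __name__ == "__main__":
    server, base = start_constructed_server()
    for path, locked in audit(base, ["/svn", "/svn/DirA", "/svn/DirB", "/svn/DirC"]).items():
        print(path, "challenges for login" if locked else "served without login")
    server.shutdown()
```

A path reported as served without login was answered by the server for an anonymous client, so browser caching cannot be the cause for that path.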
