You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by John Les <jl...@bfse.org> on 2007/02/22 01:23:43 UTC
Security Problem
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Arial"><br>
I have a Subversion security problem. Below is my http hierarchy:<br>
<br>
<a class="moz-txt-link-freetext" href="http:/company.org/svn">http:/company.org/svn</a><br>
DirA<br>
DirB<br>
DirC<br>
<br>
Entering in the URL to the top level of the repository (</font><font
face="Arial"><a class="moz-txt-link-freetext"
href="http:/company.org/svn">http:/company.org/svn</a> </font><font
face="Arial">)will
invoke a login window. After entering the proper login the home page
appears consisting of the three directories. If I instead enter </font><font
face="Arial"><a class="moz-txt-link-freetext"
href="http:/company.org/svn/DirA">http:/company.org/svn/DirA</a> or
DirB the same login widow
appears, as expected. But one directory is insecure. If I enter </font><font
face="Arial"><a class="moz-txt-link-freetext"
href="http:/company.org/svn/DirC">http:/company.org/svn/DirC</a>, no
login appears and the web
page is displayed immediately. This is a serious security issue to
us. How can I correct this?<br>
<br>
Thank you,<br>
John Les<br>
<a class="moz-txt-link-abbreviated" href="mailto:jles@bfse.org">jles@bfse.org</a><br>
<br>
<br>
</font><font face="Arial"><br>
</font><br>
</body>
</html>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Security Problem
Posted by Paul <al...@gmail.com>.
John,
If your login credentials are the same, and you did not close your
browser, it is possible that your browser has cached your credentials
and supplied them automatically.
Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org