You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Andrew Goodnough <An...@wicourts.gov> on 2006/03/01 17:55:41 UTC
Slowness on 'svn log' related to Issue #2151 ?
http://subversion.tigris.org/issues/show_bug.cgi?id=2151
We're seeing massive slowness on the 'svn log' command using the CLI,
as well as through Subclipse when doing a Team -> Show in Resource
History. The slowness is anywhere from 0 to 5min. We're using Apache
authentication over WebDAV and a FS backend. I'm seeing the following -
note the difference "real" time:
***on the client workstation, using Apache auth***
> time svn log CaseMgmt.java
------------------------------------------------------------------------
r115 | buildmaster | 2006-02-24 12:17:15 -0600 (Fri, 24 Feb 2006) | 1
line
Exported from CVS
------------------------------------------------------------------------
real 2m6.123s
user 0m0.020s
sys 0m0.004s
***on the server, using local auth***
time svn log CaseMgmt.java
------------------------------------------------------------------------
r115 | buildmaster | 2006-02-24 12:17:15 -0600 (Fri, 24 Feb 2006) | 1
line
Exported from CVS
------------------------------------------------------------------------
real 0m0.016s
user 0m0.008s
sys 0m0.008s
This issue appears to be related to #2151 and PROPFIND but I don't know
the Subversion internals well enough to know for sure. Anybody got a
feeling one way or the other? That issue has a patch and may be
included in 1.4. Thanks.
Andy
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Slowness on 'svn log' related to Issue #2151 ?
Posted by Andrew Goodnough <An...@wicourts.gov>.
Thanks. Leaving it on and still being able to restrict access is
reasonable to me, too. Good to know. (I think Matt Doran said this
same thing but it stuck the 2nd time) :)
Andy
>>> On Thu, Mar 2, 2006 at 9:31 am, in message
<OF...@softlanding.com>,
Mark Phippard <ma...@softlanding.com> wrote:
> "Andrew Goodnough" <An...@wicourts.gov> wrote on
03/02/2006
> 10:21:43 AM:
>
>> Thanks, setting 'SVNPathAuthz off' fixed it. We were planning to
>> configure AuthZ later to define a tighter access policy but if this
>> performance penalty exists we'll have to think again. It seems this
is
>> the nature of the beast, rather than a bug.
>
> Depending on how concerned you are about security, you can still use
AuthZ
> and get good security even with this setting. Let's say there was a
> commit of stuff (by someone else) in multiple projects, some of which
you
> do not have authority to via the AuthZ settings. Without this
setting, if
> you ran svn log, it would omit from the log the files that were
changed in
> projects you are not authorized to. With this setting, that extra
> checking is not performed and svn log would show you that those files
were
> changed. Personally, this does not concern me.
>
> However, with this setting, you still cannot directly access the
stuff you
> are not authorized to access, such as commit or checkout. So it is
not
> that bad to have this setting in effect.
>
> Mark
>
>
>
>
____________________________________________________________________________
> _
> Scanned for SoftLanding Systems, Inc. and SoftLanding Europe Plc by
IBM
> Email Security Management Services powered by MessageLabs.
>
____________________________________________________________________________
> _
>
>
---------------------------------------------------------------------
> To unsubscribe, e- mail: users- unsubscribe@subversion.tigris.org
> For additional commands, e- mail: users- help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Slowness on 'svn log' related to Issue #2151 ?
Posted by Mark Phippard <ma...@softlanding.com>.
"Andrew Goodnough" <An...@wicourts.gov> wrote on 03/02/2006
10:21:43 AM:
> Thanks, setting 'SVNPathAuthz off' fixed it. We were planning to
> configure AuthZ later to define a tighter access policy but if this
> performance penalty exists we'll have to think again. It seems this is
> the nature of the beast, rather than a bug.
Depending on how concerned you are about security, you can still use AuthZ
and get good security even with this setting. Let's say there was a
commit of stuff (by someone else) in multiple projects, some of which you
do not have authority to via the AuthZ settings. Without this setting, if
you ran svn log, it would omit from the log the files that were changed in
projects you are not authorized to. With this setting, that extra
checking is not performed and svn log would show you that those files were
changed. Personally, this does not concern me.
However, with this setting, you still cannot directly access the stuff you
are not authorized to access, such as commit or checkout. So it is not
that bad to have this setting in effect.
Mark
_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. and SoftLanding Europe Plc by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Slowness on 'svn log' related to Issue #2151 ?
Posted by Andrew Goodnough <An...@wicourts.gov>.
Thanks, setting 'SVNPathAuthz off' fixed it. We were planning to
configure AuthZ later to define a tighter access policy but if this
performance penalty exists we'll have to think again. It seems this is
the nature of the beast, rather than a bug.
Andy
>>> On Wed, Mar 1, 2006 at 10:43 pm, in message
<44...@papercut.biz>,
Matt Doran <ma...@papercut.biz> wrote:
> Hi Andrew,
>
> You might be after this .... (SVNPathAuthz)
>
> http://svnbook.red-
bean.com/nightly/en/svn.serverconfig.httpd.html#svn.server
> config.httpd.authz.pathauthzoff
>
> My understanding is that disabling this does not disable security
> completely, but disables the checking of "sub- paths" for the
request.
>
> For example, when this is enabled and you do a "log", it checks that
> every path in that commit is accessible, so that there is no
information
> leak about parts of the repository you don't have access to. But I
> think in many situation this is overkill. If you disable this
> option, then users can see that something has changed in a path that
> they don't have access to .... but they still can't view the contents
of
> the path.
>
> Regards,
> Matt
>
> Matt Doran
> PaperCut Software Pty. Ltd.
> Phone: +61 (3) 9571 1151
> E- mail: matt.doran@papercut.biz
> Profile: http://www.papercut.biz/company.htm#matt
> Blog: http://blogs.papercutsoftware.com/matt.doran/
>
>
>
> Andrew Goodnough wrote:
>> http://subversion.tigris.org/issues/show_bug.cgi?id=2151
>>
>> We're seeing massive slowness on the 'svn log' command using the
CLI,
>> as well as through Subclipse when doing a Team - > Show in Resource
>> History. The slowness is anywhere from 0 to 5min. We're using
Apache
>> authentication over WebDAV and a FS backend. I'm seeing the
following -
>> note the difference "real" time:
>>
>>
>> ***on the client workstation, using Apache auth***
>>
>>
>>> time svn log CaseMgmt.java
>>>
>>
------------------------------------------------------------------------
>> r115 | buildmaster | 2006- 02- 24 12:17:15 - 0600 (Fri, 24 Feb 2006)
| 1
>> line
>>
>> Exported from CVS
>>
------------------------------------------------------------------------
>>
>> real 2m6.123s
>> user 0m0.020s
>> sys 0m0.004s
>>
>>
>>
>> ***on the server, using local auth***
>>
>> time svn log CaseMgmt.java
>>
------------------------------------------------------------------------
>> r115 | buildmaster | 2006- 02- 24 12:17:15 - 0600 (Fri, 24 Feb 2006)
| 1
>> line
>>
>> Exported from CVS
>>
------------------------------------------------------------------------
>>
>> real 0m0.016s
>> user 0m0.008s
>> sys 0m0.008s
>>
>>
>> This issue appears to be related to #2151 and PROPFIND but I don't
know
>> the Subversion internals well enough to know for sure. Anybody got
a
>> feeling one way or the other? That issue has a patch and may be
>> included in 1.4. Thanks.
>>
>> Andy
>>
>>
---------------------------------------------------------------------
>> To unsubscribe, e- mail: users- unsubscribe@subversion.tigris.org
>> For additional commands, e- mail: users- help@subversion.tigris.org
>>
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Slowness on 'svn log' related to Issue #2151 ?
Posted by Matt Doran <ma...@papercut.biz>.
Hi Andrew,
You might be after this .... (SVNPathAuthz)
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz.pathauthzoff
My understanding is that disabling this does not disable security
completely, but disables the checking of "sub-paths" for the request.
For example, when this is enabled and you do a "log", it checks that
every path in that commit is accessible, so that there is no information
leak about parts of the repository you don't have access to. But I
think in many situation this is overkill. If you disable this
option, then users can see that something has changed in a path that
they don't have access to .... but they still can't view the contents of
the path.
Regards,
Matt
Matt Doran
PaperCut Software Pty. Ltd.
Phone: +61 (3) 9571 1151
E-mail: matt.doran@papercut.biz
Profile: http://www.papercut.biz/company.htm#matt
Blog: http://blogs.papercutsoftware.com/matt.doran/
Andrew Goodnough wrote:
> http://subversion.tigris.org/issues/show_bug.cgi?id=2151
>
> We're seeing massive slowness on the 'svn log' command using the CLI,
> as well as through Subclipse when doing a Team -> Show in Resource
> History. The slowness is anywhere from 0 to 5min. We're using Apache
> authentication over WebDAV and a FS backend. I'm seeing the following -
> note the difference "real" time:
>
>
> ***on the client workstation, using Apache auth***
>
>
>> time svn log CaseMgmt.java
>>
> ------------------------------------------------------------------------
> r115 | buildmaster | 2006-02-24 12:17:15 -0600 (Fri, 24 Feb 2006) | 1
> line
>
> Exported from CVS
> ------------------------------------------------------------------------
>
> real 2m6.123s
> user 0m0.020s
> sys 0m0.004s
>
>
>
> ***on the server, using local auth***
>
> time svn log CaseMgmt.java
> ------------------------------------------------------------------------
> r115 | buildmaster | 2006-02-24 12:17:15 -0600 (Fri, 24 Feb 2006) | 1
> line
>
> Exported from CVS
> ------------------------------------------------------------------------
>
> real 0m0.016s
> user 0m0.008s
> sys 0m0.008s
>
>
> This issue appears to be related to #2151 and PROPFIND but I don't know
> the Subversion internals well enough to know for sure. Anybody got a
> feeling one way or the other? That issue has a patch and may be
> included in 1.4. Thanks.
>
> Andy
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
>