Security with SVN

[Peter McAlpine <pe...@gmail.com>]

I've setup permissions on my repository with authz/https and only
authorized users are allowed to check out particular sensitive
directories. However, I've just noticed that if a non-privileged user
knows the revision number of what has changed they can see the log and
diff of things that they shouldn't have access to.

How can I prevent this from happening?

-Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Security with SVN

[Lieven Govaerts <sv...@mobsol.be>]

Peter McAlpine wrote:
> I've setup permissions on my repository with authz/https and only
> authorized users are allowed to check out particular sensitive
> directories. However, I've just noticed that if a non-privileged user
> knows the revision number of what has changed they can see the log and
> diff of things that they shouldn't have access to.
>
> How can I prevent this from happening?
This shouldn't happen at all, if that user doesn't have access to a
path, that restriction goes for any revision and for any subversion command.

Can you give some more detailed information?

Lieven

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org