Uploaded image for project: 'Subversion'
  1. Subversion
  2. SVN-3121

SVNAllowBulkUpdates mod_dav_svn directive

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.x
    • Fix Version/s: 1.6.0
    • Component/s: mod_dav_svn
    • Labels:
      None

      Description

      I've heard many times in recent weeks from enterprise-class consumers of
      Subversion who are bothered about the lack of file-level reporting.  Certainly
      Subversion's current mod_dav_svn operational logging leaves much to be desired
      for the security-concerned administrator who would like just a little more
      detail about what exact files were downloaded via Subversion than a one-liner
      "user foo did a checkout or export or update of /trunk", especially if they are
      employing path-based authorization.
      
      This isn't a problem for clients using ra_serf, which always asks for an update
      skelta and then fetches files with individual GET requests.  But while ra_neon
      used to behave this way, it no longer does by default, and you can't exactly
      force clients to use ra_serf in a way that isn't bypassable (User-agent
      spoofing, e.g.).
      
      So, how about a new mod_dav_svn directive when tells mod_dav_svn to flatly
      ignore requests for a send-all style update REPORT, and always reply with a
      skelta.  Ra_serf won't mind; ra_neon has fallback compatibility code that should
      be able to cope, too.  And administrators will get per-file GET request logging
      to ease the region of their minds that frets over security matters.
      

        Attachments

        1. 1_issue-3121-patch.txt
          7 kB
          C. Michael Pilato

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                cmpilato C. Michael Pilato
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: