Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
all
-
None
Description
I would like to have an option to specify in the "server level" a central hooks directory. Basically I would like to be sure that none of our users can run a hook script without going through the central hook script. This will help us to enforce security. We have thought about other options to enforce this, as symbolic links from all the hooks directories of all our repositories to a central location. But that doesn't solve all the problems, like the "repository inside a repository" problem. Meaning that a user can have a hook script that creates a repository inside the hooks repository and then use this new repository to do whatever they want in the machine. Of course there are more ways to solve this, but they are complicated. In my humble opinion the "central hooks directory" option is a simple way to enforce security. I just think it will be simpler just to allow a custom hooks directory. For example, using svnserve.conf file, or as an option to the svnserve itself.
Original issue reported by agonzale