subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Schmidt, Michael" <Michael.Schm...@mevis.fraunhofer.de>
Subject Path based authz - problem with rules for moved/deleted content
Date Wed, 13 Feb 2013 09:30:01 GMT
Hello,

In my research institute we are using SVN with path based access control via mod_svn_authz.
Now I am facing the problem that we had some code within our trunk folder which is only accessible
to a subgroup of developers. In order to protect it from unauthorized access we added an access
restriction for that code. Unfortunately, we learned the hard way that this is not really
a good thing to do since it prevents all other users from being able to branch the trunk folder.
Obviously, even after moving the "confidential" code to a different location we still have
to keep the old authz rules in place in order to prevent leaking the code to unauthorized
developers through the history access. Unfortunately, the existence of these rules continues
to prevent non-privileged developers rules from being allowed to copy the trunk, although
no content in the trunk is actually matched by the rules anymore. Currently, the only solution
to this problem that I see would be to move the (now cleaned) trunk to a new location for
which no such conflicting rules exist. However, we would rather use this as a last resort
and prefer a solution that let's us continue to use the current structure. This is especially
true since it could happen that somebody again commits confidential information to the trunk
which then needs to be protected when we notice it.

Is anybody aware of a good way to deal with this kind of issues? Or is there any development
going on to support such things in future versions, e.g. by allowing to configure revision
ranges for which rules apply? I would appreciate any helpful hints on how one could deal with
this topic now or in foreseeable future.

Best regards, Michael


------------------------------------------
Michael Schmidt
Fraunhofer MEVIS
Institute for Medical Image Computing
Universitaetsallee 29
28359 Bremen

Phone: +49-421-218-59273
Fax:   +49-421-218-98-59273

Email: michael.schmidt@mevis.fraunhofer.de<mailto:michael.schmidt@mevis.fraunhofer.de>
Web:   http://www.mevis.fraunhofer.de
------------------------------------------


Mime
View raw message