subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Danger Bentley <dtbent...@gmail.com>
Subject Re: Is there an authenticated no-op in subversion?
Date Mon, 07 Jun 2010 20:31:18 GMT
On Mon, Jun 7, 2010 at 4:27 PM, Rob van Oostrum <rvanoo@gmail.com> wrote:

> On Mon, Jun 7, 2010 at 12:03 PM, Daniel Danger Bentley <
> dtbentley@gmail.com> wrote:
>
>> I'm working on a system to interact with subversion automatically. Some of
>> the repositories in question work over https, and this requires
>> authentication for certain actions.
>>
>> I would love to separate authentication from action. Is there a way to
>> perform an authenticated no-op (which would fail if not authenticated)? If
>> this did exist, then I could first try this, and perform the hairier actions
>> only once I'm sure I'm authenticated.
>>
>> The best we've been able to come up with at work so far is to do a propset
>> on a revision property.
>>
>> Thanks,
>> -Dan Bentley
>>
>
> You are confusing authentication with authorization. Authentication = "user
> is who they say they are". Authorization = "user has permission to do X"
> (user may or may not be authenticated), which can (and often does) depend on
> both authz configuration and repository hooks.
>
> Authentication can be covered simply by disallowing any non-authenticated
> write access. Predicting authorization is more complicated unless you can
> safely "if test X works, real operation Y should also work".
>
> If all you really need is in fact an authenticated no-op, you should be
> able to run any read operation, which - if you are disallowing anonymous
> access entirely - will only work when already authenticated.
>
>
We don't disallow anonymous access entirely. Anonymous read access is often
allowed.

In this case, I control the client software but not the server. So I would
like to test if things work on the client so I can fail early.

So there is no dry run mode I could try an operation through? If only writes
require authorization, then there is no no-visible-impact way to test
authentication?

Thanks much,
-Dan



> Cheers
> Rob
>



-- 
"My youngest daughter is 13 months old, and in her limited vocabulary
alongside essentials like 'mom-mom', 'da-da', and 'meow' she knows to say
'zhooom' and wave her arm around when she wants me to get a lightsaber down
off a shelf for her to play with. As far as I'm concerned that's Parent of
the Year Award material right there." - Aurich Lawson

Mime
View raw message