[svnbook commit] r1258 - in trunk/src/en: . book

sussman svnbook-dev at red-bean.com
Mon May 2 21:01:39 CDT 2005


Author: sussman
Date: Mon May  2 21:01:38 2005
New Revision: 1258

Modified:
   trunk/src/en/TODO
   trunk/src/en/book/ch06.xml
Log:

* src/en/book/ch06.xml:  document SVNPathAuthz directive.

* src/en/TODO:  mark of 1.1 to-do item.


Modified: trunk/src/en/TODO
==============================================================================
--- trunk/src/en/TODO	(original)
+++ trunk/src/en/TODO	Mon May  2 21:01:38 2005
@@ -109,11 +109,6 @@
        This probably needs to be an "advanced topics" chapter 7
        section (MIKE).
 
-  * New 'SVNPathAuthz Off' directive, to disable path-based authz in
-    apache (and increase speed.)   
-
-        (BEN) will mention this in chapter 6, but:
-
   * Need 'definitive list' of all mod_dav_svn directives.
 
         (FITZ) new chapter 9 section.

Modified: trunk/src/en/book/ch06.xml
==============================================================================
--- trunk/src/en/book/ch06.xml	(original)
+++ trunk/src/en/book/ch06.xml	Mon May  2 21:01:38 2005
@@ -1769,6 +1769,72 @@
 
       </sect3>
 
+      <sect3 id="svn-ch-6-sect-4.4.3">
+        <title>Disabling Path-based Checks</title>
+
+        <para>The <command>mod_dav_svn</command> module goes through a
+          lot of work to make sure that data you've marked
+          "unreadable" doesn't get accidentally leaked.  This means
+          that it needs to closely monitor all of the paths and
+          file-contents returned by commands like <command>svn
+          checkout</command> or <command>svn update</command>
+          commands.  If these commands encounter a path that isn't
+          readable according to some authorization policy, then the
+          path is typically omitted altogether.  In the case of
+          history or rename tracing — e.g. running a command
+          like <command>svn cat -r OLD foo.c</command> on a file that
+          was renamed long ago — the rename tracking will simply
+          halt if one of the object's former names is determined to be
+          read-restricted.</para>
+
+        <para>All of this path-checking can sometimes be quite
+          expensive, especially in the case of <command>svn
+          log</command>.  When retrieving a list revisions, the server
+          looks at every changed path in each revision and checks it
+          for readability.  If an unreadable path is discovered, then
+          it's omitted from the list of the revision's changed paths
+          (normally seen with the <option>--verbose</option> option),
+          and the whole log message is suppressed.  Needless to say,
+          this can be time-consuming on revisions that affect a large
+          number of files.  This is the cost of security: even if you
+          haven't configured a module like
+          <command>mod_authz_svn</command> at all, the
+          <command>mod_dav_svn</command> module is still asking Apache
+          <command>httpd</command> to run authorization checks on
+          every path.  The <command>mod_dav_svn</command> module has
+          no idea what authorization modules have been installed, so
+          all it can do is ask Apache to invoke whatever might be
+          present.</para>
+
+        <para>On the other hand, there's also an escape-hatch of
+          sorts, one which allows you to trade security features for
+          speed.  If you're not enforcing any sort of per-directory
+          authorization (i.e. not using
+          <command>mod_authz_svn</command> or similar module), then
+          you can disable all of this path-checking.  In your
+          <filename>httpd.conf</filename> file, use the
+          <literal>SVNPathAuthz</literal> directive:</para>
+
+        <example id="svn-ch-6-sect-4.4.3-ex-1">
+          <title>Disabling path checks altogether</title>
+          <programlisting>
+            <Location /repos>
+              DAV svn
+              SVNParentPath /usr/local/svn
+            
+              SVNPathAuthz off
+            </Location>            
+          </programlisting>
+        </example>
+
+        <para>The <literal>SVNPathAuthz</literal> directive is "on" by
+          default.  When set "off", all path-based authorization
+          checking is disabled; <command>mod_dav_svn</command> stops
+          invoking authorization checks on every path it
+          discovers.</para>
+
+      </sect3>
+
     </sect2>
 
     <sect2 id="svn-ch-6-sect-4.5">



More information about the svnbook-dev mailing list