Dear Wiki user, You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change notification.
The "ServerDictatedConfiguration" page has been changed by CMichaelPilato: http://wiki.apache.org/subversion/ServerDictatedConfiguration?action=diff&rev1=10&rev2=11 || myriad authn-related stuff || per-server, per-repos || Un-enforceable || Lack of enforceability plus relationship to security means that admins do not want the client to be able to trivially override this setting. Precise requirements TBD (is this a boolean "allow/disallow plaintext password caching", or "require X, Y or Z encrypted password stores", or ...? || NOTE: The configuration the server dictates can at best be only a suggestion to the client, with well-behaving clients honoring that suggestion. As free software, though, most such clients could be modified by a malicious user to ignore server-side suggestions. Server-side enforcement of desired behaviors (where possible, and often via hook scripts) is still recommended. + + ANOTHER NOTE: At least one user specifically called out the need for the server to enforce adherence to the configured behaviors ''without'' requiring hook scripts to do so. For example, if the repository has a configured auto-props list, the Subversion C code is perfectly capable of validating that incoming committed items obey those settings, failing the commit otherwise. This seems like a reasonable request so long as we permit admins to specify which of their configuration settings are "suggested" versus "required" (again, taking into account that anything unenforceable can't truly be "required"). === Server-client transmission mechanism ===
