"C. Michael Pilato" <cmpil...@collab.net> writes:

> Just a thought: Have you considered expanding the scope of the private
> resource space rather than using the magic prefix hack? You could add
> ".../!svn/vtxn/UUID" and ".../!svn/vtxr/UUID/..." to be alternate ways to
> address transactions and transaction roots (the "v" there being a shortcut
> for "virtual"). This is *effectively* the same approach as yours -- there's
> a different prefix here. But the prefix is a clearly defined piece of the
> protocol, not just some magic bit buried in mod_dav_svn's codebase.

I'll have a think about that. One aim is that the proxy can be as dumb as possible about the Subversion protocol, so that it doesn't have to rewrite all commit requests. If the client doesn't send the vtxn/vtxr URLs the proxy has to do more work.

Another thing about exposing the transaction name in the protocol is that it is much more predictable than a UUID. Temporary files with predictable names can be a security issue; are predictable transaction names a security issue? Could a malicious client guess a transaction name and make changes that would subsequently be committed by the transaction "owner"?

I think auth checks happen when writing to the transaction, so the malicious client can only make changes that would be allowed by auth. However the pre/post-commit hooks only run at commit (HTTP MERGE), so the malicious client's changes would go through these with the transaction owner's credentials.

--
Philip