Hello, Thank you for contacting VisualSVN Team. > I have a couple of repositories such as: > REPO1 > REPO2 > > The access to above repositories is restricted for some users but when I try > to browse the SVN using "repo browser" by typing in https://svn server > path/svn/repo1 the folders are accessible to the user which shows that the > restriction to folders are based on the case (uppercase in my scenario). > > Has someone witnessed this before? Any solution? > Please let me know if there is a confusion in my explained scenario.
Path-based authorization with *Subversion authentication* (Apache Subversion 1.7) is *case-sensitive*. Prior to version 1.7, Apache Subversion 1.6 treats repository names and paths in a case-insensitive fashion for the purposes of access control, converting them to lower case internally before comparing them against the contents of your access file. It now does these comparisons case-sensitively. See Apache Subversion 1.7. Release Notes at http://subversion.apache.org/docs/release-notes/1.7.html#case-sensitive-authz. To resolve the possible security issues you should remove "read / write" and "read" access from the repositories root and consider setting permissions repository-wide, not server-wide. NOTE: The issue affects only Subversion authentication type and doesn't reproduce with Windows Authentication (Basic and/or Integrated). See SVNBook | Path-Based Authorization: http://www.visualsvn.com/support/svnbook/serverconfig/pathbasedauthz/ Thank you. -- With best regards, Pavel Lyalyakin VisualSVN Team -- You received this message because you are subscribed to the Google Groups "VisualSVN" group. To post to this group, send email to visualsvn@googlegroups.com. To unsubscribe from this group, send email to visualsvn+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/visualsvn?hl=en.
