Hello,
Thank you for contacting VisualSVN Team.

> I have a couple of repositories such as:
> REPO1
> REPO2
>
> The access to above repositories is restricted for some users but when I try
> to browse the SVN using "repo browser" by typing in https://svn server
> path/svn/repo1 the folders are accessible to the user which shows that the
> restriction to folders are based on the case (uppercase in my scenario).
>
> Has someone witnessed this before? Any solution?
> Please let me know if there is a confusion in my explained scenario.

Path-based authorization with *Subversion authentication* (Apache
Subversion 1.7) is *case-sensitive*.

Prior to version 1.7, Apache Subversion 1.6 treats repository names
and paths in a case-insensitive fashion for the purposes of access
control, converting them to lower case internally before comparing
them against the contents of your access file.
It now does these comparisons case-sensitively. See Apache Subversion
1.7. Release Notes at
http://subversion.apache.org/docs/release-notes/1.7.html#case-sensitive-authz.

To resolve the possible security issues you should remove "read /
write" and "read" access from the repositories root and consider
setting permissions repository-wide, not server-wide.

NOTE: The issue affects only Subversion authentication type and
doesn't reproduce with Windows Authentication (Basic and/or
Integrated).

See SVNBook | Path-Based Authorization:
http://www.visualsvn.com/support/svnbook/serverconfig/pathbasedauthz/

Thank you.

-- 
With best regards,
Pavel Lyalyakin
VisualSVN Team

-- 
You received this message because you are subscribed to the Google Groups 
"VisualSVN" group.
To post to this group, send email to visualsvn@googlegroups.com.
To unsubscribe from this group, send email to 
visualsvn+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/visualsvn?hl=en.

Reply via email to