[svnbook commit] r2837 - trunk/src/en/book

sussman noreply at red-bean.com
Sun Aug 12 21:00:27 CDT 2007

Author: sussman
Date: Sun Aug 12 21:00:27 2007
New Revision: 2837

Fix trac issue 31.

* src/en/book/ch06-server-configuration.xml
  (svn.serverconfig.pathbasdeauthz):  add sidebar explaining oddness
     with HTTP not re-authenticating partway through a checkout.


Modified: trunk/src/en/book/ch06-server-configuration.xml
--- trunk/src/en/book/ch06-server-configuration.xml	(original)
+++ trunk/src/en/book/ch06-server-configuration.xml	Sun Aug 12 21:00:27 2007
@@ -2561,6 +2561,36 @@
+  <!-- TODO(sussman):  this sidebar needs to be changed for svn 1.5,
+  making it clear that it's a neon behavior, and ??probably?? not the
+  case when using serf... -->
+  <sidebar>
+    <title>Partial Readabliity and Checkouts</title>
+    <para>If you're using Apache as your Subversion server and have
+      made certain subdirectories of your repository unreadable to
+      certain users, then you need to be aware of a possible
+      non-optimal behavior with <command>svn
+      checkout</command>.</para>
+    <para>When the client requests a checkout or update over HTTP, it
+      makes a single server request, and receives a single (often
+      large) server response.  When the server receives the request,
+      that is the <emphasis>only</emphasis> opportunity Apache has to
+      demand user authentication.  This has some odd side-effects.
+      For example, if a certain subdirectory of the repository is only
+      readable by user Sally, and user Harry checks out a parent
+      directory, his client will respond to the initial authentication
+      challenge as Harry.  As the server generates the large response,
+      there's no way it can re-send an authentication challenge when
+      it reaches the special subdirectory;  thus the subdirectory is
+      skipped altogether, rather than asking the user to
+      re-authenticate as Sally at the right moment.  In a similar way,
+      if the root of the repository is anonymously world-readable,
+      then the entire checkout will be done without
+      authentication—again, skipping the unreadable directory,
+      rather than asking for authentication partway through.</para>
+  </sidebar>
   <!-- ================================================================= -->
   <!-- ================================================================= -->

More information about the svnbook-dev mailing list