iF.SVNAdmin icon indicating copy to clipboard operation
iF.SVNAdmin copied to clipboard

Published 20 hours ago verified publisher icon mfreiholz

Permission-check for repository listing

Open christoph-sohrmann opened this issue 9 years ago • 2 comments

It seems there is no permission-check for the repository listing. Any user which has login-permission is allowed to list all repositories on the server including its files. Users should only be allowed to see repos where they have r/rw permissions or where they have the role of access-path manager.

As a workaround I disabled the repo listing in the backend settings.

christoph-sohrmann avatar Mar 05 '15 22:03 christoph-sohrmann

hi dondieselkopf would u please tell me how to archive the issue, thx!

keky avatar May 06 '15 14:05 keky

@keky This issue needs to be fixed in some upcoming releases, which I don't have any influence upon. My security-workaround is to disable the listing of repos altoghether.

christoph-sohrmann avatar May 06 '15 14:05 christoph-sohrmann