From: Jonathan Ho
Subject: Re: [Monotone-devel] Re: The read-permissions file -- unexpected behavior
Date: Thu, 5 Jan 2006 12:34:33 -0800
User-agent: KMail/1.9.1

On Thursday, January 5, 2006 4:18, Lapo Luchini wrote:
> Timothy Brownawell <tbrownaw <at> gmail.com> writes:
> > Is com.example.foo a branch that really exists in the server's database?
> > If not, then permission will be granted because there's nothing to read,
> > and so nothing to deny permission for.
>
> Doesn't this "disclose" a tiny bit of information by itself? (the very fact
> that a branch does exist or not)
>
> Lapo
>
I agree here. Shouldn't monotone try to authenticate the user first, and if it
fails, deny the user access no matter what (s)he tried to pull from the
server (considering, of course, the server's configuration)?
Jonathan