[PATCH] httprepo: long arguments support (issue2126)
Laurens Holst
laurens.nospam at grauw.nl
Sun Mar 27 05:27:35 CDT 2011
Op 27-3-2011 11:21, Steven Brown schreef:
> On 21 March 2011 22:54, Laurens Holst<laurens.nospam at grauw.nl> wrote:
>> Op 21-03-11 08:30, Dirkjan Ochtman schreef:
>>> On Mon, Mar 21, 2011 at 02:39, Matt Mackall<mpm at selenic.com> wrote:
>>>> Let's try to get more discussion on whether POST is acceptable and
>>>> anyone is using POST filtering.
>>> AFAICT restricting push access by filtering out POST requests is a
>>> fairly common setup.
>> Yes I do that too, it was the setup described on the wiki. And fairly
>> convenient I must say (and properly RESTful :)).
>>
>> ~Laurens
>>
> It would still be possible to authenticate on push like this:
>
> RewriteEngine on
> RewriteCond %{QUERY_STRING} cmd=unbundle
> RewriteRule .* - [E=hg_auth:1]
>
> <Location /hg>
> Order Allow,Deny
> Allow from env=!hg_auth
> AuthType Basic
> AuthName "Mercurial repositories"
> AuthUserFile /home/user/hg/hgusers
> Require valid-user
> Satisfy Any
> </Location>
>
> This new configuration will also work for existing servers, without
> upgrading Mercurial. So it could be added to the Wiki as soon as this
> patch is accepted, and POST filtering could be deprecated.
>
> For existing servers using POST filtering:
> - Make a one-time change to the Apache configuration.
> - This change can be made at any time, even before upgrading Mercurial.
> - If the change is not made before upgrading Mercurial, pushes will
> still be authenticated, so there is no security concern. However,
> users will be prompted for authentication when using the clone,
> incoming, outgoing or pull commands until the configuration is
> updated.
Would be better if it only did that when the list of heads gets too
long. Then the current configurations will keep working most of the time
(I never ran into the problem myself).
~Laurens
--
~~ Ushiko-san! Kimi wa doushite, Ushiko-san nan da!! ~~
Laurens Holst, developer, Utrecht, the Netherlands
Website: www.grauw.nl. Backbase employee; www.backbase.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6034 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://selenic.com/pipermail/mercurial-devel/attachments/20110327/60364162/attachment.bin>
More information about the Mercurial-devel
mailing list