[Jon Foster]
> All he has to do is change the svn:sync-from-url property on the
> mirror repository to be a file:// URL to the source repository,
> rather than a http:// one. The correct file:// URL is probably
> guessable.

I'd never thought of this as a security problem, but I _do_ think it's a suboptimal design where a svnsync setup stores state on the mirrored repository which is relative not to the mirror, but to whoever is running svnsync.

> Please can we change "svnsync sync" to allow both the source and
> target URLs to be specified? That rather simple measure would block
> this attack. Since svnsync is usually invoked from a script, typing
> the extra URL isn't a problem.

Yes, this sounds like a good design anyway, aside from the security question.

Peter
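Until "svnsync sync" takes both URLs, a sync script can guard itself against a tampered svn:sync-from-url by reading the revision-0 property from the mirror and comparing it with the source the operator expects. This is an added example, not code from the thread or from Subversion; check_sync_source and guarded_sync are hypothetical helper names, and the mirror and source URLs are placeholders.

```shell
#!/bin/sh
# Added example: guard a scripted svnsync run against a redirected source.
# svnsync records the URL it mirrors from as the revision-0 property
# svn:sync-from-url on the MIRROR, so whoever can edit that property
# chooses where the sync job reads from. Compare it with the expected
# value before syncing and refuse to run on any mismatch or on a
# non-http(s) scheme such as file://.

# Pure check (no svn needed): succeeds only when the stored URL uses an
# http/https scheme and equals the expected source exactly.
check_sync_source() {
    stored="$1"
    expected="$2"
    case "$stored" in
        http://*|https://*) ;;
        *)
            echo "refusing: unexpected scheme in svn:sync-from-url: $stored" >&2
            return 1
            ;;
    esac
    if [ "$stored" != "$expected" ]; then
        echo "refusing: svn:sync-from-url is '$stored', expected '$expected'" >&2
        return 1
    fi
    return 0
}

# Wrapper for the cron job: read the property from the real mirror, run the
# check, and only then sync. Both arguments are operator-supplied placeholders.
guarded_sync() {
    mirror="$1"
    expected="$2"
    stored=$(svn propget --revprop -r 0 svn:sync-from-url "$mirror") || return 1
    check_sync_source "$stored" "$expected" || return 1
    svnsync sync "$mirror"
}

# Usage (placeholders):
#   guarded_sync https://mirror.example.org/svn https://source.example.org/svn
```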