#74 Password based access control and authentification

open
nobody
5
2008-04-28
2008-04-28
Anonymous
No

It would be nice to have some sort of authentification against the password to the Subversion repositories.

Thus the password to access the repositories wouldn't have to be hardcoded into the config file.

Instead, each project would have a repository assigned (as it has now) and CodeStriker could use the subversion user access files (htpasswd and group / user file) to authenticate reviewers.

In the main project list screen, when clicking on the project, a dialog would come up for user name and password.

This user name and password would be verified against the associated subversion repository access rights. If the user is valid, it could see the review topics results and could create new reviews (also codestriker would have the user name and password to access the repository to pull the diffs).

However, if authentification would fail, no information other than the project list would be visible.

To make this work, one would have to add a super user or administrator who could create (even delete) projects.

Also, in the codestriker config file, instead of giving user name and password, one would point to the htpasswd file and user / group file for the particular repository.

Discussion