Re: a few nits setting up svn...

From: Perry E. Metzger <perry_at_piermont.com>
Date: 2004-02-13 02:59:38 CET

Ben Collins-Sussman <sussman@collab.net> writes:
>> Can I do that even if we're using the svn+ssh: access method? I thought
>> the daemon mode applied only if you were using the svn: method...
>
> That's correct. I'm suggesting that you *don't* use svn+ssh://,
> because it's no different than a bunch of users accessing the
> repository directly via file:///. Both file:/// and svn+ssh:// setups
> have the potential for huge permission headaches.
>
> I'm recommending that nothing ever access the repository but a single
> daemon server process: either apache (http://) or svnserve
> (svn://). Both servers have the ability to authenticate different
> users. SSH isn't required for that.

Er, unfortunately, for good or ill, many people need to use
ssh. Sometimes this is simple good security sense -- you want to avoid
opening additional attack vectors for a machine.

Given that, what might I be able to do to tighten down the on-machine
security without adding another bunch of code to audit talking
off-machine?

-- 
Perry E. Metzger		perry@piermont.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Fri Feb 13 02:59:57 2004

This message: [ Message body ]
Next message: Simon Kitching: "Re: a few nits setting up svn..."
Previous message: Ben Collins-Sussman: "Re: a few nits setting up svn..."
In reply to: Ben Collins-Sussman: "Re: a few nits setting up svn..."
Next in thread: Simon Kitching: "Re: a few nits setting up svn..."
Reply: Simon Kitching: "Re: a few nits setting up svn..."
Reply: Ben Collins-Sussman: "Re: a few nits setting up svn..."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]