[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Subversion security design

From: Brent J. Nordquist <bjn_at_visi.com>
Date: 2000-06-23 19:08:07 CEST

Was excited to hear about Subversion... I'm an integration veteran :-) and
the SVN goals (vs. CVS) strike a deep chord.

I read through the design document, and was surprised to find so little
about security, because I've always thought that pserver was one of the
worst parts about CVS.

I was encouraged to see the notes on abstracted file permissions, and SVN
keeping its own list of users and access rights. But I'm wondering what
has been discussed about:

- Authentication (PAM hopefully?)
- Security of the client-server protocol (encryption?)
- Security of the server ("best practices", e.g., not requiring root)

etc.

I wholeheartedly agree with Bruce Schneier that security is a process and
needs to be designed in from the start... I think that's why CVS's is so
poor. Thanks!

-- 
Brent J. Nordquist <bjn@visi.com>
Yahoo!: Brent_Nordquist / AIM: BrentJNordquist / ICQ: 76158942
Received on Sat Oct 21 14:36:05 2006

This is an archived mail posted to the Subversion Dev mailing list.