"Brent J. Nordquist" <bjn@visi.com> writes:
> - Authentication (PAM hopefully?)
> - Security of the client-server protocol (encryption?)
> - Security of the server ("best practices", e.g., not requiring root)

One of Subversion's goals is to write an extremely modular system;
we're trying to create well-defined interfaces so people can extend
the system at any number of levels.

This is the reason the design document's mention of security may seem
vague to you: we're deliberately *not* discussing any particular
authentication or authorization mechanism. Authentication and
encryption? Those issues are the network layer's business; after
authenticating (possibly over a secure channel), it simply needs to
pass the server library a filled-in `svn_user_t' structure.
Authorization? That's a server-side plugin. Folks can implement any
ACL system they wish, provided they conform to our interface.

For the initial release of Subversion, you won't find anything
super-fancy; it will be something that works well for most people.
The `network layer' will be Apache, which is a good choice simply
because it *already* has numerous means of using secure protocols,
authenticating users, and has already been subjected to "best security
practices" exams. (And it's quite extensible, too.)
The point is: release something that works, but is designed to be
easily hackable. Outside folks can then come along and implement
{ssh, ssl, kerberos, pam, SQL, <insert security buzzword here>, ...}
as new features at different levels. :)

Received on Sat Oct 21 14:36:05 2006
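The layering sketched in the message above (network layer authenticates and hands the server library a filled-in user structure; authorization is a server-side plugin behind a fixed interface) is easy to misread as vague, so here is a small model of it in C. This is an added illustration, not Subversion's code: the `svn_user_t` layout, the `authz_plugin_t` interface, the two plugins and the sample ACL are all hypothetical and constructed for the example. What it shows is that the server library never touches credentials or transport details, that the policy can be swapped without changing the server library, and that a default-deny plugin refuses a commit as soon as one path fails the check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the `svn_user_t' the message mentions (hypothetical layout).
   The network layer fills it in after authenticating; the server library only
   ever sees a verified identity, never a password or a transport detail. */
typedef struct {
    const char *name;      /* "anonymous" when no login took place */
    bool authenticated;    /* set to true only by the network layer */
} svn_user_t;

/* Authorization plugin interface (hypothetical, not Subversion's real one):
   any ACL implementation that supplies a function of this shape can be used. */
typedef bool (*authz_check_fn)(const void *baton, const svn_user_t *user,
                               const char *path, bool write);

typedef struct {
    const char *name;
    authz_check_fn check;
    const void *baton;     /* plugin-private configuration */
} authz_plugin_t;

/* Plugin A: simplest policy. Anyone may read; only authenticated users may write. */
static bool simple_check(const void *baton, const svn_user_t *user,
                         const char *path, bool write)
{
    (void)baton;
    (void)path;
    return !write || user->authenticated;
}

/* Plugin B: path-prefix ACL with default deny. An entry applies when its user
   field equals the caller's name, or is "*" and the caller is authenticated.
   An applicable entry grants read, and grants write only if allow_write is set. */
typedef struct {
    const char *user;
    const char *path_prefix;
    bool allow_write;
} acl_entry_t;

typedef struct {
    const acl_entry_t *entries;
    size_t count;
} acl_table_t;

static bool acl_check(const void *baton, const svn_user_t *user,
                      const char *path, bool write)
{
    const acl_table_t *table = baton;
    for (size_t i = 0; i < table->count; i++) {
        const acl_entry_t *e = &table->entries[i];
        bool user_matches = strcmp(e->user, user->name) == 0 ||
                            (strcmp(e->user, "*") == 0 && user->authenticated);
        if (!user_matches)
            continue;
        if (strncmp(e->path_prefix, path, strlen(e->path_prefix)) != 0)
            continue;
        if (!write || e->allow_write)
            return true;
    }
    return false;  /* no applicable grant: deny */
}

/* Constructed sample ACL: alice may commit to trunk, any logged-in user may read
   trunk and tags, nobody may write tags, anonymous users get nothing. */
static const acl_entry_t g_acl_entries[] = {
    { "alice", "/trunk/", true  },
    { "*",     "/trunk/", false },
    { "*",     "/tags/",  false },
};
static const acl_table_t g_acl_table = { g_acl_entries, 3 };

static const authz_plugin_t g_simple_plugin = { "simple", simple_check, NULL };
static const authz_plugin_t g_acl_plugin = { "prefix-acl", acl_check, &g_acl_table };

/* The server library trusts the svn_user_t it is handed (authentication is the
   network layer's job) and asks the configured plugin about each path. A commit
   is all-or-nothing: one denied path rejects the whole transaction. */
static bool server_commit(const authz_plugin_t *plugin, const svn_user_t *user,
                          const char *const *paths, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (!plugin->check(plugin->baton, user, paths[i], true)) {
            fprintf(stderr, "[%s] denied write by %s to %s\n",
                    plugin->name, user->name, paths[i]);
            return false;
        }
    }
    return true;
}

static bool server_read(const authz_plugin_t *plugin, const svn_user_t *user,
                        const char *path)
{
    return plugin->check(plugin->baton, user, path, false);
}

/* Constructed identities and paths, as the network layer would hand them over. */
static const svn_user_t g_alice = { "alice", true };
static const svn_user_t g_bob   = { "bob", true };
static const svn_user_t g_anon  = { "anonymous", false };
static const char *const g_trunk_paths[] = { "/trunk/README", "/trunk/src/main.c" };
static const char *const g_mixed_paths[] = { "/trunk/README", "/tags/1.0/README" };

int main(void)
{
    printf("alice commits to trunk (acl):      %s\n",
           server_commit(&g_acl_plugin, &g_alice, g_trunk_paths, 2) ? "ok" : "denied");
    printf("alice commits to trunk+tags (acl): %s\n",
           server_commit(&g_acl_plugin, &g_alice, g_mixed_paths, 2) ? "ok" : "denied");
    printf("anonymous reads trunk (acl):       %s\n",
           server_read(&g_acl_plugin, &g_anon, "/trunk/README") ? "ok" : "denied");
    printf("bob commits to trunk (simple):     %s\n",
           server_commit(&g_simple_plugin, &g_bob, g_trunk_paths, 2) ? "ok" : "denied");
    return 0;
}
```

Switching from `g_simple_plugin` to `g_acl_plugin` changes every decision the server makes without touching `server_commit` or `server_read`, which is the property the message is relying on; the same holds for the other direction, where a different network layer (Apache with whatever authentication it is configured for) only has to produce the same `svn_user_t`.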