Re: ssh based access?

From: Perry E. Metzger <perry_at_wasabisystems.com>
Date: 2002-04-16 04:44:28 CEST

Garrett Rooney <rooneg@electricjellyfish.net> writes:
> > BTW, I'm perfectly happy using naked Apache as the front end for the
> > anonymous CVS equivalent in SVN.
>
> well, in that case you could simple disallow commit's via ra_dav, and
> make people log in and use ra_local for that.

That won't help. The problem is things like buffer overflows in
Apache, not whether the system enforces protection if functioning
correctly. The nice thing about sshd is that although it is not
perfect, it is at least one narrow interface one has to worry
about (and have to run on our systems anyway).

The basic principle in security is that code you aren't running can't
be used to break you.

> or, you can write ra_ssh (or ra_pipe, as people on irc were
> talking about, since there's no reason to require this to be used via
> ssh, we could use anything we can read and write to).

That's more or less the point. We sort of need such a
thing. Unfortunately, I'm insufficiently skilled to do so on my own.

--
Perry E. Metzger		perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Tue Apr 16 04:45:15 2002

This message: [ Message body ]
Next message: Ben Collins: "Re: [PATCH] Deflate revisited..."
Previous message: Garrett Rooney: "Re: ssh based access?"
In reply to: Garrett Rooney: "Re: ssh based access?"
Next in thread: Greg Stein: "Re: ssh based access?"
Reply: Greg Stein: "Re: ssh based access?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]