[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ssh based access?

From: Perry E. Metzger <perry_at_wasabisystems.com>
Date: 2002-04-16 04:44:28 CEST

Garrett Rooney <rooneg@electricjellyfish.net> writes:
> > BTW, I'm perfectly happy using naked Apache as the front end for the
> > anonymous CVS equivalent in SVN.
> well, in that case you could simple disallow commit's via ra_dav, and
> make people log in and use ra_local for that.

That won't help. The problem is things like buffer overflows in
Apache, not whether the system enforces protection if functioning
correctly. The nice thing about sshd is that although it is not
perfect, it is at least one narrow interface one has to worry
about (and have to run on our systems anyway).

The basic principle in security is that code you aren't running can't
be used to break you.

> or, you can write ra_ssh (or ra_pipe, as people on irc were
> talking about, since there's no reason to require this to be used via
> ssh, we could use anything we can read and write to).

That's more or less the point. We sort of need such a
thing. Unfortunately, I'm insufficiently skilled to do so on my own.

Perry E. Metzger		perry@wasabisystems.com
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 16 04:45:15 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.