Greg Stein <gstein@lyra.org> writes:
> On Mon, Apr 15, 2002 at 10:27:17PM -0400, Perry E. Metzger wrote:
> > Brian Behlendorf <brian@collab.net> writes:
> > > > The real problem is that Apache is very large. It has to be to do all
> > > > that it does, but that means that it is hard to secure it because you
> > > > can't audit all the relevant code. Big is bad in security.
> > >
> > > If the extra modules are stripped out, and you run only the prefork MPM,
> > > it's pretty small.
> >
> > But that's not how we're running Apache for subversion.
>
> But that would appear to be your choice, hmm? You could definitely choose to
> run an Apache that is configured much "smaller" on your source code
> repository box.

How? I still need to run DAV and such.

> Run that on some alternate port, and you'll be set.

The port number isn't the issue.

> Or if you don't want users to mess with ports, you could use
> ProxyPass on your main web server and pass request thru to the
> internal interface/port where you've got your locked-down Subversion
> server.

When I ran a security consultancy, I made so much money off of
mentally challenged people who thought that proxies through the
firewall added security it wasn't funny. "Our web server is secure! We
have a firewall in front of it!"

The web server and associated software are the most dangerous pieces
of almost any company. I earned a very good living explaining to
people after they'd been broken into and mutilated why the apache
server had to be OUTSIDE the firewall.

> The point is: if you want to get seriously tight with the security of the
> server, the options are there.

They aren't.

> [ and note that using apache as a proxypass thingy, you could map ssl on the
> outside to a plain http on the inside so the secure repository doesn't
> have to install ssl code ]

Oh, great. "Crunchy on the outside, chewy middle, more moving parts".

> >...
> > > It's not like people aren't running Apache in pretty secure
> > > production situations - it's at least secure enough for netbsd's own web
> > > site (and openbsd's as well).
> >
> > Our web site is not considered a secure application. We're fully
>
> Why is it on the same box as the source code repository?

It isn't. We don't want to run Apache on the repository box, or rely
on Apache being secure.

--
Perry E. Metzger perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
Received on Tue Apr 16 17:42:06 2002