[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ssh based access?

From: Perry E. Metzger <perry_at_wasabisystems.com>
Date: 2002-04-16 17:41:17 CEST

Greg Stein <gstein@lyra.org> writes:
> On Mon, Apr 15, 2002 at 10:27:17PM -0400, Perry E. Metzger wrote:
> > Brian Behlendorf <brian@collab.net> writes:
> > > > The real problem is that Apache is very large. It has to be to do all
> > > > that it does, but that means that it is hard to secure it because you
> > > > can't audit all the relevant code. Big is bad in security.
> > >
> > > If the extra modules are stripped out, and you run only the prefork MPM,
> > > it's pretty small.
> >
> > But that's not how we're running Apache for subversion.
>
> But that would appear to be your choice, hmm? You could definitely choose to
> run an Apache that is configured much "smaller" on your source code
> repository box.

How? I still need to run DAV and such.

> Run that on some alternate port, and you'll be set.

The port number isn't the issue.

> Or if you don't want users to mess with ports, you could use
> ProxyPass on your main web server and pass request thru to the
> internal interface/port where you've got your locked-down Subversion
> server.

When I ran a security consultancy, I made so much money off of
mentally challenged people1 who thought that proxies through the
firewall added security it wasn't funny. "Our web server is secure! We
have a firewall in front of it!"

The web server and associated software are the most dangerous pieces
of almost any company. I earned a very good living explaining to
people after they'd been broken into and mutilated why the apache
server had to be OUTSIDE the firewall.

> The point is: if you want to get seriously tight with the security of the
> server, the options are there.

They aren't.

> [ and note that using apache as a proxypass thingy, you could map ssl on the
> outside to a plain http on the inside so the secure repository doesn't
> have to install ssl code ]

Oh, great. "Crunchy on the outside, chewy middle, more moving parts".

> >...
> > > It's not like people aren't running Apache in pretty secure
> > > production situations - it's at least secure enough for netbsd's own web
> > > site (and openbsd's as well).
> >
> > Our web site is not considered a secure application. We're fully
>
> Why is it on the same box as the source code repository?

It isn't. We don't want to run Apache on the repository box, or rely
on Apache being secure.

--
Perry E. Metzger		perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 16 17:42:06 2002

This is an archived mail posted to the Subversion Dev mailing list.