[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ssh based access?

From: Greg Stein <gstein_at_lyra.org>
Date: 2002-04-16 23:46:26 CEST

On Tue, Apr 16, 2002 at 11:41:17AM -0400, Perry E. Metzger wrote:
>
> Greg Stein <gstein@lyra.org> writes:
> > On Mon, Apr 15, 2002 at 10:27:17PM -0400, Perry E. Metzger wrote:
> > > Brian Behlendorf <brian@collab.net> writes:
>...
> > > > If the extra modules are stripped out, and you run only the prefork MPM,
> > > > it's pretty small.
> > >
> > > But that's not how we're running Apache for subversion.
> >
> > But that would appear to be your choice, hmm? You could definitely choose to
> > run an Apache that is configured much "smaller" on your source code
> > repository box.
>
> How? I still need to run DAV and such.

In my Apache executable right now, I have 20 builtin modules, and
mod_dav_svn is loaded dynamically. My point was that you could strip that
list down to mod_dav plus a limited few (probably mod_log_config, mod_ssl,
and maybe a mod_auth_foo for your local auth mechanism).

>...
> > Or if you don't want users to mess with ports, you could use
> > ProxyPass on your main web server and pass request thru to the
> > internal interface/port where you've got your locked-down Subversion
> > server.
>
> When I ran a security consultancy, I made so much money off of
> mentally challenged people1 who thought that proxies through the
> firewall added security it wasn't funny. "Our web server is secure! We
> have a firewall in front of it!"
>
> The web server and associated software are the most dangerous pieces
> of almost any company. I earned a very good living explaining to
> people after they'd been broken into and mutilated why the apache
> server had to be OUTSIDE the firewall.

You misunderstood me. I meant that you could run your big, bulky web server
and proxy-pass the source control back to your tighter-than-snot server and
box. This would make it appear that the source control was on the big
server.

>...
> > > > It's not like people aren't running Apache in pretty secure
> > > > production situations - it's at least secure enough for netbsd's own web
> > > > site (and openbsd's as well).
> > >
> > > Our web site is not considered a secure application. We're fully
> >
> > Why is it on the same box as the source code repository?
>
> It isn't. We don't want to run Apache on the repository box, or rely
> on Apache being secure.

Gotcha. But what makes sshd more secure than a locked down Apache? Is it
simply that Apache has not been as thoroughly reviewed? What if it was?
i.e. is there a point in the future where it is possible that Apache is
deemed secure enough?

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 16 23:46:44 2002

This is an archived mail posted to the Subversion Dev mailing list.