On Thursday 18 Apr 2002 10:07 pm, Darryl Okahata wrote:
> John Pybus <firstname.lastname@example.org> wrote:
> > If I caught a user on one of the machines I admin running apache from
> > their login account they wouldn't have a login account for long. However
> > they do all have ssh access (run as a _maintained_ and properly
> > configured service) and are welcome to run cvs --server (or svn
> > --streamy-access, or whatever else they need) over it.
> While I agree with this, how is running a "subversion server" (one
> hypothetically modified to NOT use apache) significantly less of a
> resource/network load than today's "apache-using-subversion server"?
> They both have the possibility of annihilating your CPU/network. It
> seems to me that, if one is banned, they both should be banned.
It's not just an issue resource usage, but of security. The machine admin is
responsible for setting up logins and running a properly secure sshd. cvs
--server runs as a user process. It's equivalent to the user logging in, and
running apps locally, there's no extra security implication. If there are
patches needed to sshd there is someone responsible for keeping it up to
date. Whatever policies are applied to passwords (lifetime, checking for
crackable passwords etc), are applied at the system (or more likely network
workgroup) level. There is a central place to give and revoke access to the
system, and this includes cvs as all other applications.
Apache opens a network socket and offers a service on it, (subject to any
firewalls) anyone can connect to it, it's up to the config of apache who gets
access to what. If a user were to run a local copy it would be with that
users permissions, this is worse than a normal setup running as user httpd.
In this scenario the user is required to configure apache securely, to use a
sensible login setup which follows local password policies etc; to upgrade
apache/mod_dav_svn as security issues are found. If some one has just
started this for an ad-hoc repository then there is every chance this won't
happen, and security of the network is compromised. That's why I wouldn't
let a user offer their own network services (apache or anything else).
To unsubscribe, e-mail: email@example.com
For additional commands, e-mail: firstname.lastname@example.org
Received on Fri Apr 19 11:42:45 2002