[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Alternatives for remote access?

From: David Summers <david_at_summersoft.fay.ar.us>
Date: 2002-08-30 16:35:27 CEST

On Fri, 30 Aug 2002, mark benedetto king wrote:
> On Thu, Aug 29, 2002 at 10:18:25PM -0700, Justin Erenkrantz wrote:
> >
> > Steps:
> > ssh -L 8888:127.0.0.1:8888 authorized-user@ssh-only-server
> > svn co http://localhost:8888/
> >
>
> My problem with this approach (other than the hassle of remembering
> to set up the tunnel in advance) is that SSH's local sockets do
> ZERO authentication. Any bozo with an account on the local host
> would have unrestricted access to the remote repo. Additionally,
> if SSH is configured to accept connections on non-loopback interfaces
> (which is common, even if unadvisable), any bozo with network access
> to the local host would have unrestricted access to the remote repo.
>

I think ra_pipe is a great idea, and there is definitely a place for
it, but as to the above:

Am I missing something? I would never set up read/write access to the
repo to "allow unrestricted access to the remote repo". I would use the
normal subversion/apache mechanisms for authenticating the repo users.

I'm not trying to argumentative, just trying to understand things and find
out if I'm missing something.

-- 
David Wayne Summers          "Linux: Because reboots are for upgrades!"
david_at_summersoft.fay.ar.us   PGP Key: http://summersoft.fay.ar.us/~david/pgp.txt
PGP Key fingerprint =  C0 E0 4F 50 DD A9 B6 2B  60 A1 31 7E D2 28 6D A8 
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Aug 30 16:36:08 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.