[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Alternatives for remote access?

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2002-08-30 23:32:05 CEST

On Fri, 2002-08-30 at 17:12, Bill Tutt wrote:
> I think ra_pipe should
> know that its communication channels are secure, if they aren't then
> we're doing everyone a huge disservice by creating insecure distributed
> software.

The point of ra_pipe is that it allows the user to set up the
communications channel however they want. If the user wants to set up
an insecure channel, that's their business. They'll do it with or
without Subversion anyway.

(Besides, right now we use cleartext passwords over ra_dav. That's not
exactly "secure.")

> I, like some other folks mentioned earlier want to support
> ACLs on non-ra_dav RA access mechanisms, and the only way you can do
> that is to require that ra_pipe, or ra_* fit into the authentication
> system somehow.

Well, the simple method here is to check against the username given by
the uid of the server process. (The shell account can be restricted to
use only the svn program, so checking ACLs against a uid does actually
make sense.) It will take a bit more thought to handle the case where
the user has set up sshd to use PAM against some other database, but
it's a simple matter of allowing the communications channel to
communicate the authentication name.

> Not to mention if your tests don't use ssh, then you're
> not correctly testing your system. Users will use ssh, and if you don't
> use ssh in your tests then the tests are next to useless. End to end
> integration tests are necessary.

Not for us, they aren't. We don't do our tests with web proxies or
firewalls or NAT gateways or in between the endpoints, even though we
know those elements can cause Subversion to fail if not configured
properly. We don't do these things because we know that those elements
are, when properly configured, transparent to our data stream. And so
is ssh from ra_pipe's point of view.

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Aug 30 23:32:49 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.