[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: TortoiseSVN possibly flagged by IT as security risk

From: Andy Levy <andy.levy_at_gmail.com>
Date: Tue, 4 Mar 2014 12:13:31 -0500

On Tue, Mar 4, 2014 at 11:23 AM, Trevor Middel <tmiddel_at_gmail.com> wrote:
> Hi Folks,
>
> Yesterday I installed TortoiseSVN on a work desktop in order to download code from R-forge to compile the binary locally. The build on R-Forge had failed.
>
> This morning I received a call from our IT security requiring a scan to be run on my machine as it was suspected of running torrent software. My IP address also suggested a port had been opened on my machine.
>
> Uninstalling TortoiseSVN removed the port and allowed IT to connect remotely to my machine, scan is running now :)
>
> Does it make sense that TortoiseSVN would raise this flag for ITS? I had been considering using TortoiseSVN for some projects I'm working on but may have to reconsider given this issue, or go through the certification process here.

I don't think anyone here can answer whether it makes sense or why it
raised a flag, because no one here knows your company's security
policies or understands the reasoning behind them.

TortoiseSVN is not a BitTorrent client or server. It is not a server
of any kind. It speaks HTTP, HTTPS, and the custom SVN protocol. It
does not (to my knowledge) make outbound connections without the user
explicitly taking action, except for an HTTP connection to check for
new versions (and even that doesn't happen until you perform other
tasks, IIRC).

In short, your IT security team probably has an over-zealous rule
configured that is misidentifying the software. If you need
TortoiseSVN to do your job effectively, they need to work with you to
handle it properly.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3074010

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2014-03-04 18:40:58 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.