[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Protection from ROOT

From: Adalberto Castelo <castelo_at_qiwi.es.dupont.com>
Date: 2003-08-12 18:44:35 CEST

I guess the safest way for you to do that would be to have the svn repos at
your side of the network. You'd encrypt the whole repository (at your current
local machine) after each check in, and send the encrypted result as one file
to your VPS. The VPS wouldn't be running svn.

When you need to access it from a different machine, just make sure you have
the propper key to decrypt the repository again. Download, decrypt, and use
the repos normaly (locally). After you're done, encrypt and send it to the
VPS again.

It looks to me that such a process could be easily automated, say, to check
the VPS for a time stamp, to see if your local repos is up to date (the time
stamp itself could be encrypted).

The other posters are right: if the stuff you run at the host machine has
access to you clear text (in the currently available hw -- this could be
different if machines start implementing hardware DRM), then you must trust
the root of that machine. The best solution has to use the host simply as a
repository of encrypted data.

Adalberto

On Tuesday 12 August 2003 05:15, Richard in Public wrote:
> Hi
>
> I've just set up a Virtual Private Server to centralize personal and
> business info. I plan to use Subversion as my repository. My one
> concern is that, being a VPS, it is possible for my service provider to
> access my files. I don't expect this of course, but I'd be much more
> comfortable if I could encrypt sensitive information. Is it possible to
> have Subversion (or the BerkleyDB configured to) encrypt the data that
> it stores? I'm assuming that the SSL stuff is only useful for
> protecting against data in transfer.
>
> Thanks,
>
> Richard Hoberman
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org

This communication is for use by the intended recipient and contains
information that may be privileged, confidential or copyrighted under
applicable law. If you are not the intended recipient, you are hereby
formally notified that any use, copying or distribution of this e-mail,
in whole or in part, is strictly prohibited. Please notify the sender
by return e-mail and delete this e-mail from your system. Unless
explicitly and conspicuously designated as "E-Contract Intended",
this e-mail does not constitute a contract offer, a contract amendment,
or an acceptance of a contract offer. This e-mail does not constitute
a consent to the use of sender's contact information for direct marketing
purposes or for transfers of data to third parties.

 Francais Deutsch Italiano Espanol Portugues Japanese Chinese Korean

            http://www.DuPont.com/corp/email_disclaimer.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 12 18:45:56 2003

This is an archived mail posted to the Subversion Users mailing list.