[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: a few nits setting up svn...

From: Perry E. Metzger <perry_at_piermont.com>
Date: 2004-02-13 02:59:38 CET

Ben Collins-Sussman <sussman@collab.net> writes:
>> Can I do that even if we're using the svn+ssh: access method? I thought
>> the daemon mode applied only if you were using the svn: method...
> That's correct. I'm suggesting that you *don't* use svn+ssh://,
> because it's no different than a bunch of users accessing the
> repository directly via file:///. Both file:/// and svn+ssh:// setups
> have the potential for huge permission headaches.
> I'm recommending that nothing ever access the repository but a single
> daemon server process: either apache (http://) or svnserve
> (svn://). Both servers have the ability to authenticate different
> users. SSH isn't required for that.

Er, unfortunately, for good or ill, many people need to use
ssh. Sometimes this is simple good security sense -- you want to avoid
opening additional attack vectors for a machine.

Given that, what might I be able to do to tighten down the on-machine
security without adding another bunch of code to audit talking

Perry E. Metzger		perry@piermont.com
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Feb 13 02:59:57 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.