Why not use ssh+svnserve instead. Use the --listen-host option to
svnserve so that it only listens on the loopback interface(127.0.0.1) so
that remote users can not connect to the daemon unless they use the
forwarding ability of ssh (-L option).
That would seem to make configuration of the server easy(no permission
problems since only the user account that you use to launch svnserve
will need permissions to the files) and only allow ssh access remotely.
On Thu, 2004-03-04 at 15:56, Jim Nutt wrote:
> On Thu, 04 Mar 2004 15:40:49 -0500
> Brian Mathis <bmathis@directedge.com> wrote:
>
> > This brings me to the question of why are you using svn+ssh? Out of
> > the 4 access methods you have to choose from, you've chosen (IMO), the
> > 3rd most desirable one. They are, in order of desireability:
> > 1. http
> > 2. svnserve daemon
> > 3. svn+ssh
> > 4. file
> >
> > I can understand people who don't want to go through
> > installing/reinstalling apache. Instead of that, you should use
> > svnserve as a daemon. It ensures that every access is done on the
> > repo using the same user and group. The only time svn+ssh and file
> > should be used is if the repo is for a single user project.
>
> That's easy. Security. svnserve sans ssh isn't secure. https is, or can
> be, anyway, but it's not always an option.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Mar 4 22:14:02 2004