[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Wrong username for commits

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2004-12-05 16:52:32 CET

On Dec 5, 2004, at 9:29 AM, Gili wrote:

> More to the point: what prevents me from logging in using SSH as
> user1 and using "--tunnel-user user2"? Seems like a security risk...

How is that a risk?

Granting svn+ssh:// access to a user is exactly the same as giving
somebody a system account -- allowing them to ssh in -- and giving them
access to the database directly via file:///. And that's the same as
allowing the user to open the database files directly in their editor
and start mucking with fields however they want... changing authors,
log messages, etc.

So either you trust the user to have direct access to the database, or
you don't:

    * If you trust them, you allow them to edit the database files
directly, via svn+ssh:// or file:///. The only "authorization" going
on is OS permissions on the database files.

    * If you don't trust your users, then only allow a *single* server
process to edit the database, like apache or 'svnserve -d'. The server
process has exclusive access, and authorizes every client action.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Dec 5 16:54:59 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.