Ryan Schmidt wrote:
> So, now you have a reason to install Apache and upgrade to Subversion
> 1.3: svn+ssh does not provide you with post-checkout-or-export or
> post-update hooks; Apache + Subversion 1.3 + my script above does.
>
> I can't speak to your security policies, but if they get in the way
> of you doing what you need to do for your business, then you'd best
> reexamine those security policies. But I really don't know what kind
> of security-related issues you see in an Apache + Subversion server
> that are not present in an SSH + Subversion server.
>
> If you don't want people to be able to browse the repository via the
> web browser, I'm sure you can do that with a simple Apache directive
> like prohibiting all GET requests (since AFAIK real Subversion
> clients get all information via PROPFIND and REPORT requests) or by
> user agent (allowing only user agents like "SVN/1.3.0 (r17949) neon/
> 0.25.4" for example). In any case, you're merely taking away a
> convenience, not a feature, since a user can still browse the
> repository via the command-line client, if perhaps less conveniently.
or any of the big amount of Subversion GUI tools.
Perhaps you should have a look at Subversion 1.3.0. Svnserve now
also can restrict read/write access by path. Maybe this will help
you as you now can give the right people the right access to the
repository *before* anyone gets the wrong content instead of
reacting *after* this has happened.
Nevertheless the pre-update hook may still be a good thing to
restrict access by IPs, to just inform you about anyone who
is doing a checkout or to do any things that you need to do
when someone does a checkout (e. g. add to mailing list).
Mathias
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Mar 28 10:56:53 2006