[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: SVN Security

From: Brent Webster <brent.webster_at_liquidcomputing.com>
Date: 2006-04-13 17:20:06 CEST

If you want security then use svn+ssh or http.
The file: option is more for single user on their desktop.

Brent

>>-----Original Message-----
>>From: Timo Wendt [mailto:twendt@online.de]
>>Sent: April 13, 2006 11:11 AM
>>To: users@subversion.tigris.org
>>Subject: SVN Security
>>
>>Hi,
>>
>>I have evaluated Subversion for the last few days. The
>>features are really great. My problem with it are the
>>security things in some areas. There are a lot of nice
>>features when you connect to the repository remotely. From
>>1.3.1 you don't even need Apache anymore to use the features
>>from authz. But to my idea Subversion lacks a lot of security
>>when it comes to local access to the repository via file:///.
>>All I can to is hook scripts for commits and such things.
>>But what if I like no access. Of course I did change the
>>permissions of the repository dirs., but thats about it. The
>>book always states that umask is important. Umask is
>>something the Admin cannot force.
>>Every user can change his umask if he wants to. I want to
>>place config files in the repository that are confidential. I
>>cannot rely on users having to set there umask correctly.
>>
>>I also did a hotcopy of the repository. All my permissions
>>are lost after that. The copy is again a matter of the umask.
>>
>>Another thing that bothers me is the auth cache and it even
>>on per default. Saving clear text passwords on disk is bad.
>>In my case the file was even world readable even thogh the
>>book states it is only readable by the owner. I understand
>>that this feature is nice for usage, but is there no way of
>>shutting it off completely apart from changing the source
>>code, which I did? As long as this feature is available,
>>users will use it. Users always find nice ways to make their
>>work easiest.
>>
>>Don't misunderstand me, this product is really great, but
>>please also understand my point of view.
>>
>>Greeting,
>>
>>Timo
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
>>For additional commands, e-mail: users-help@subversion.tigris.org
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Apr 13 17:22:47 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.